splunk admin password

splunk
shantanuo picture shantanuo · Aug 17, 2011 · Viewed 21.1k times · Source

How do I reset splunk admin password? I guess I need access to the file system that Splunk is running on in order to modify the password file. It does not use database so do I need to change a file/ variable?

Answer

shantanuo picture shantanuo · Aug 17, 2011

If you forgot your admin password you will need access to the file system that Splunk is running on in order to modify the password file. To reset the admin password:

  • Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak

  • Restart Splunk. After the restart you should be able to login using the default login (admin/changeme).

If you created other user accounts, copy those entries from the backup file into the new passwd file and restart splunk.

Related questions

What does (?i) and ?@ in this regex mean

In the following regex what does "(?i)" and "?@" mean? (?i)<.*?@(?P<domain>\w+\.\w+)(?=>) I know that "?" means zero or one and that i sets case insensitivity. This regex captures domains from an email address in …

Read More
Splunk how to combine two queries and get one answer

I am very new to Splunk and basically been dropped in the deep end!! also very new to language so any help and tips on the below would be great. The out come i am trying to get is to …

Read More
Filtering splunk results using results of another splunk query

I want to use a query in splunk, extract a list of fields and then use these result fields to further filter my subsequent splunk query. How do I do this?

Read More