How to reset Splunk Admin password?

1 Answer


Resetting the Splunk Admin password depends on the version of Splunk. If we are using Splunk 7.1 and above, then we have to follow the below steps:

  • First, we have to stop our Splunk Enterprise
  • Now, we need to find the ‘passwd’ file and rename it to ‘passwd.bk’
  • Then, we have to create a file named ‘user-seed.conf’ in the below directory: $SPLUNK_HOME/etc/system/local/
  • In the file, we will have to use the following command (here, in the place of ‘NEW_PASSWORD’, we will add our own new password):

[user_info]
PASSWORD = NEW_PASSWORD

  • After that, we can just restart the Splunk Enterprise and use the new password to log in

Now, if we are using the versions prior to 7.1, we will follow the below steps:

  • First, stop the Splunk Enterprise
  • Find the passwd file and rename it to ‘passwd.bk’
  • Start Splunk Enterprise and log in using the default credentials of admin/changeme
  • Here, when asked to enter a new password for our admin account, we will follow the instructions

Note: In case we have created other users earlier and know their login details, copy and paste their credentials from the passwd.bk file into the passwd file and restart Splunk.
...
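The 7.1+ steps from the answer above as a shell sketch; this is an added example, not part of the original answer and not Splunk's own tooling. It assumes the passwd file is at $SPLUNK_HOME/etc/passwd; the function names are hypothetical. It keeps the plaintext seed file owner-readable only, refuses to overwrite an existing passwd.bk, and reads the password without echo so it does not land in shell history.

```shell
#!/bin/sh
# Added example: scripted form of the 7.1+ reset steps described above.
# Assumption: the passwd file is $SPLUNK_HOME/etc/passwd.

# seed_admin_password HOME PASSWORD
# Renames passwd to passwd.bk and writes user-seed.conf with mode 600.
seed_admin_password() {
    home=$1
    new_password=$2
    passwd_file="$home/etc/passwd"
    seed_dir="$home/etc/system/local"
    seed_file="$seed_dir/user-seed.conf"

    [ -n "$new_password" ] || { echo "empty password" >&2; return 2; }
    # A newline in the password would add extra lines to the conf file.
    case $new_password in
        *'
'*) echo "password must be a single line" >&2; return 2 ;;
    esac
    [ -d "$seed_dir" ] || { echo "missing $seed_dir" >&2; return 3; }
    # Never clobber an earlier backup: it holds the other users' entries.
    if [ -e "$passwd_file.bk" ]; then
        echo "$passwd_file.bk already exists" >&2
        return 4
    fi
    if [ -f "$passwd_file" ]; then
        mv "$passwd_file" "$passwd_file.bk" || return 1
    fi
    # The seed file holds the password in clear text: owner access only.
    ( umask 077 && printf '[user_info]\nPASSWORD = %s\n' "$new_password" \
        > "$seed_file" ) || return 1
    chmod 600 "$seed_file"
}

# reset_admin_password: stop Splunk, prompt for the password, seed, start.
reset_admin_password() {
    home=${SPLUNK_HOME:?SPLUNK_HOME is not set}
    "$home/bin/splunk" stop || return 1
    printf 'New admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    seed_admin_password "$home" "$pw" || return 1
    unset pw
    "$home/bin/splunk" start
}
```

Source the file and run `reset_admin_password` as the account that owns the Splunk installation.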