I'm an admin and I installed Splunk without an admin password. It’s now saying that "No users exist" and no one can login. What should I do?
I recently had this problem. Turns out this is a known issue with a workaround.
Here is the fix.
Create a $SPLUNK_HOME/etc/system/local/user-seed.conf and restart Splunk
[user_info] PASSWORD = <yourpassword>
The "No users exist" message is only present in version 7.1 and for new installations of 7.1 admin:changeme no longer exists. There is no default password for the admin account and if a password is not provided during installation/startup, then no user is created.
You can set an admin password using the existing user-seed.conf. Add the username and password under [user_info]. Splunk will require a restart after. A better way is to use the new hash generator so that you don’t add a cleartext password. See the docs for a full explanation. http://docs.splunk.com/Documentation/Splunk/7.1.0/Security/Secureyouradminaccount#Create_a_password_...
During a scripted forwarder install, I experienced the same issue with package :“Splunkforwarder-7.1.1-8f0ead9ec3db-Linux-x86_64.tgz.”:
I will run a scripted install this morning with a field for an Admin password and see if the result is different.
You are correct. This is a new issue with 7.1.1