First time signing into my trial license and it says "If you installed this instance, use the username and password you created at installation". I did not create any credentials upon installation. I have uninstalled and reinstalled and receive the same prompt, is there a way to reset the credentials and log in? (v7.3.1.1 Windows)
Go to $SPLUNK_HOME/etc/passwd
and look at what users are defined. Now you know the username. Try to login with that user and PW=changeme
; it probably won't work. Grab the PW from that file and then use the method here to decrypt it and reveal the PW:
https://www.hurricanelabs.com/splunk-tutorials/make-splunk-do-it-how-to-decrypt-passwords-encrypted-...
There are other methods but this is the easiest one that does not require you to have an admin-level uers's login (this only requires CLI access; it does not require any splunk user).
As of version 7.1+ there is no default password ("changeme").
Also, the method for changing the password has changed. For your version, use the following steps:
Create a file in /op/splunk/etc/system/local/user-seed.conf (or Windows equivalent directory) and add the following parameters:
[user_info]
USERNAME = admin
PASSWORD = new_password_here
Then cycle Splunk and you should be good.
Thanks for the response. I think the previous comment was correct, it was installed in a directory I did not have full permissions on. I believe I have rectified that, I added a user-seed.conf file and put that stanza in, but Splunk still says "No users exist. Please set up a user".
When you created the userseed.conf file, did you make sure to change ownership to splunk?
If you're running Splunk as the splunk user, but the file is owned by root, Splunk will ignore it.
Is it possible that you have installed it into a directory where you don't have full permissions? If so, perhaps the script to set the password can't run.
Have you tried admin/changeme?