Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Default Credentials on Splunk Trial License

prictoej
New Member
‎10-01-2019 10:12 AM

First time signing into my trial license and it says "If you installed this instance, use the username and password you created at installation". I did not create any credentials upon installation. I have uninstalled and reinstalled and receive the same prompt, is there a way to reset the credentials and log in? (v7.3.1.1 Windows)

0 Karma
Reply

woodcock
Esteemed Legend
‎10-14-2019 03:51 PM

Go to $SPLUNK_HOME/etc/passwd and look at what users are defined. Now you know the username. Try to login with that user and PW=changeme; it probably won't work. Grab the PW from that file and then use the method here to decrypt it and reveal the PW:
https://www.hurricanelabs.com/splunk-tutorials/make-splunk-do-it-how-to-decrypt-passwords-encrypted-...

There are other methods but this is the easiest one that does not require you to have an admin-level uers's login (this only requires CLI access; it does not require any splunk user).

0 Karma
Reply

codebuilder
Influencer
‎10-02-2019 07:03 AM

As of version 7.1+ there is no default password ("changeme").

Also, the method for changing the password has changed. For your version, use the following steps:

Create a file in /op/splunk/etc/system/local/user-seed.conf (or Windows equivalent directory) and add the following parameters:

[user_info]
USERNAME = admin
PASSWORD = new_password_here

Then cycle Splunk and you should be good.

----
An upvote would be appreciated and Accept Solution if it helps!
Reply

JPrictoe
Loves-to-Learn
‎10-03-2019 11:07 AM

Thanks for the response. I think the previous comment was correct, it was installed in a directory I did not have full permissions on. I believe I have rectified that, I added a user-seed.conf file and put that stanza in, but Splunk still says "No users exist. Please set up a user".

0 Karma
Reply

codebuilder
Influencer
‎10-10-2019 08:35 AM

When you created the userseed.conf file, did you make sure to change ownership to splunk?
If you're running Splunk as the splunk user, but the file is owned by root, Splunk will ignore it.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎10-01-2019 02:09 PM

Is it possible that you have installed it into a directory where you don't have full permissions? If so, perhaps the script to set the password can't run.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-01-2019 10:20 AM

Have you tried admin/changeme?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...