Deployment Architecture
Highlighted

Are there any dangers in changing the splunk user password on a deployment server?

I am trying to restart the deployment server service as a root user.

./splunk reload deploy-server

I get an error

Could not create splunk settings directory at '/root/ .splunk

So I tried to sudo su splunk (to switch to splunk user)
Tried again and it will run but prompts for username/password. I never created this user and don't know the password.
Since I have root on the box, I can easily change the splunk user's password. however, with great power.........bla bla bla..
Are there any dangers in changing the splunk user password on the deployment server?

0 Karma
Highlighted

Re: Are there any dangers in changing the splunk user password on a deployment server?

Influencer

It sounds like you are being prompted for Splunk credentials. To reset Splunk's admin password, rename $SPLUNK_HOME/etc/passwd to something else, then restart splunk. You will then be able to execute the "splunk reload deploy-server" command with admin/changeme.

0 Karma
Highlighted

Re: Are there any dangers in changing the splunk user password on a deployment server?

Ultra Champion

When you run ./splunk reload deploy-server, the user you use is the UI user, quite often, admin. So, it's not related to the Linux user which runs the Splunk processes...

View solution in original post

Highlighted

Re: Are there any dangers in changing the splunk user password on a deployment server?

Thank you for your explanation, I was over thinking it as a Linux perms issue.
I ran the command as the splunk user and entered a username /password that was configured on the UI with admin priv.

reloaded w/o issue.

client inputs.conf is still old. so hoping that the client will phone home and download the new file form the DS.

0 Karma