Getting Data In

Admin user accout delete on splunk Enterprise 7.0.1

euimok
Explorer

Hi Splunker
I have a question about splunk Enterprise 7.0.1
For security reason, my customer want to disable or delete admin account(default) ?
Are there people who experienced similar my case?

Thank you

0 Karma

gfreitas
Builder

I have deleted the default admin account many times. First I needed to create a new admin account and then just login with the new admin and remove the old one. As ivanreis said please make sure to re-assign all the knowledge objects of admin to the new user otherwise they will become orphan and you won't be able to use them.

0 Karma

ivanreis
Builder

I never experienced this customer request before. You have the option to clone the admin account to a new account. Also is important to highlight that all knowledge objects already created under admin account have to reassigned to this new user.

There is an old topic at splunk answer about the same topic, although it is related with the older Splunk versions, can be applied to your case as well.
https://answers.splunk.com/answers/65221/replacing-splunk-admin-account-with-a-non-standard-admin-ac...

0 Karma

euimok
Explorer

Hi ivanreis
Thank you for your answer . I did clone admin account(default) as spadmin but I can't delete admin account(default) user. 🙂
If you have any others good please let me know

0 Karma

ivanreis
Builder

In this case, my suggestion is to run a new Splunk enterprise installation and when splunk will start for the 1st time, you have to type the new admin user requested by customer, check this doc
https://docs.splunk.com/Documentation/Splunk/7.3.2/Installation/StartSplunkforthefirsttime.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...