I have a forwarder in which we forgot the admin password. Right now it's causing the vmware app to only partially work. Before submitting a ticket on that I really need to know if i can get that password changed.
I'm using >splunk edit user admin -password "new_password" -auth admin:current_password, but obviously dont know the current.
Sure.If you installed it in the default location (/opt/splunkforwarder)
1)mv /opt/splunkforwarder/etc/passwd /opt/splunkforwarder/etc/passwd_OLD
you should now be able to login with default password "changeme".
on Windows ... go to install directory and rename the passwd file under etc.