Can you change the admin user password on forwarde...

jbleich · ‎08-29-2014

I have a forwarder in which we forgot the admin password. Right now it's causing the vmware app to only partially work. Before submitting a ticket on that I really need to know if i can get that password changed.

I'm using >splunk edit user admin -password "new_password" -auth admin:current_password, but obviously dont know the current.

jbillings · ‎12-13-2019

On 7.1 or newer, you'll need to use the user.seed.conf. Hurricane Labs has a good rundown on how to do it.
https://www.hurricanelabs.com/splunk-tutorials/splunk-7-1-performing-a-splunk-password-reset

Mimshach

So i had the same issues on my splunk forwarder 9.3.** version and used the recommendation provided on https://www.hurricanelabs.com/splunk-tutorials/splunk-7-1-performing-a-splunk-password-reset. Especially the last video, which finally granted me access.

Yasaswy · ‎08-29-2014

Yes. You can rename the $SPLUNKHOME/etc/passswd and restart splunkforwarder to rest it to default "changeme".

dfrankekcg · ‎07-13-2016

This worked for me, allowed me to safely change the admin password of a heavy forwarder to the default--which I changed to something more secure right away.

Yasaswy · ‎08-29-2014

Sure.If you installed it in the default location (/opt/splunkforwarder)
1)mv /opt/splunkforwarder/etc/passwd /opt/splunkforwarder/etc/passwd_OLD
3)cd /opt/splunkforwarder/bin
4)./splunk restart

you should now be able to login with default password "changeme".

on Windows ... go to install directory and rename the passwd file under etc.

jbleich · ‎08-29-2014

I'm very much a splunk newbie, can you be a bit more specific or point me to some documentation w/ some steps to do this task.

Can you change the admin user password on forwarder if you dont know the current?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation