Getting Data In

Change on prem universal forwarder credential

dkordyban
Engager

We have several servers succesfully forwarding eventlogs to our on prem splunk server. No one can remember the credentials when installing the forwarder. What is the best way to handle this problem without breaking forwarding on the other servers?

Thanks

 

 

Labels (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The forwarder's admin credentials have no bearing on its ability to forward data.  The credentials are used only in the user interface (CLI).

To change the password, first create a $SPLUNK_HOME/etc/system/local/user-seed.conf file on the forwarder.  The file should look like this:

[user_info]
USERNAME = admin
PASSWORD = somepassword

Then delete $SPLUNK_HOME/etc/passwd and restart the forwarder.  When the forwarder starts up it will populate a new passwd file using the contents of user-seed.conf.

 

---
If this reply helps you, Karma would be appreciated.
0 Karma

SinghK
Builder

If you are saying that you set an admin password during installation you can change it %splunk_home %\etc\passwd rename it passed.bak and restart splunk it will create a new file default passed is I think changeme.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

This method hasn't been supported since an early 7.x release.  Splunk does not have a default password any longer.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...

Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents

Tech Talk Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents   Correlating ...

Observability Simplified: Combining User Experience, Application Performance & ...

  Tech Talk Network to App: Observability Unlocked   Today’s digital environments span applications, ...