Getting Data In

Change on prem universal forwarder credential

dkordyban
Engager

We have several servers succesfully forwarding eventlogs to our on prem splunk server. No one can remember the credentials when installing the forwarder. What is the best way to handle this problem without breaking forwarding on the other servers?

Thanks

 

 

Labels (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The forwarder's admin credentials have no bearing on its ability to forward data.  The credentials are used only in the user interface (CLI).

To change the password, first create a $SPLUNK_HOME/etc/system/local/user-seed.conf file on the forwarder.  The file should look like this:

[user_info]
USERNAME = admin
PASSWORD = somepassword

Then delete $SPLUNK_HOME/etc/passwd and restart the forwarder.  When the forwarder starts up it will populate a new passwd file using the contents of user-seed.conf.

 

---
If this reply helps you, Karma would be appreciated.
0 Karma

SinghK
Builder

If you are saying that you set an admin password during installation you can change it %splunk_home %\etc\passwd rename it passed.bak and restart splunk it will create a new file default passed is I think changeme.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

This method hasn't been supported since an early 7.x release.  Splunk does not have a default password any longer.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...