Globally change universal forwarder password

antlefebvre
Communicator

I have the UF deployed on around 2000 Windows clients. Both server and workstation editions. What would be the best way to go about universally changing the default password on these once installed?

1 Solution

alacercogitatus
SplunkTrust

A quick way is to set up a Windows scripted input. Inside the scripted input, you run the command:

$SPLUNK_HOME\bin\splunk.exe edit user admin -password $NEWPASSWORD -auth admin:changeme

Once this is run, you can delete the input from the forwarders. It won't run correctly again, because the admin password is now changed. After they have all been updated, you can remove the input. I'm assuming you have Deployment Server.

shawno
New Member

/opt/splunkforwarder/bin/splunk edit user admin -password $NEWPASSWORD

This doesn't work - how can I change the password without knowing the default or entered password for the forwarder?

Thanks

0 Karma

woodcock
Esteemed Legend

Try the "UF password changer" app!

https://splunkbase.splunk.com/app/2722/

sdawsonkg
Path Finder

There is no documentation available for this app.

0 Karma

Sayanta_Basak_I
Explorer

Hi @woodcock

I have tried using this app and it does not seem to work out as desired. I have enabled the app but still the forwarders are running with the old default password. Am I missing anything here?

Regards

0 Karma

woodcock
Esteemed Legend

Yes, Splunk has changed many things about auth/passwords since this app was last updated. I am pretty sure that @scruse is no longer updating it but maybe he will comment.

0 Karma

antlefebvre
Communicator

I do not have a deployment server. Working on that one this week. I'll do this through a login script. Thank you.

0 Karma
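
The command from the accepted answer, wrapped for the login-script route mentioned in the last reply so that it runs once per host and then skips. This is an added example, not code posted by anyone in the thread. The install path, the marker file, the parameter names and the exit-code behaviour of splunk.exe are assumptions.

```powershell
# Added example; not code from the thread. Paths, marker file and parameter names are assumptions.
param(
    [Parameter(Mandatory = $true)]
    [string]$NewPassword,   # supplied by the caller at run time, not stored in this file
    [string]$SplunkHome  = 'C:\Program Files\SplunkUniversalForwarder',  # assumed install path
    [string]$DefaultAuth = 'admin:changeme'   # default credential quoted in the answer
)

$splunk = Join-Path $SplunkHome 'bin\splunk.exe'
$marker = Join-Path $SplunkHome 'var\uf_admin_password_changed.txt'  # hypothetical marker file

# Hosts without a forwarder, or already processed, are skipped so the script can run at every logon.
if (-not (Test-Path -LiteralPath $splunk)) {
    Write-Output "[$($env:COMPUTERNAME)] splunk.exe not found under $SplunkHome; skipping."
    exit 0
}
if (Test-Path -LiteralPath $marker) {
    Write-Output "[$($env:COMPUTERNAME)] admin password already changed; skipping."
    exit 0
}

# Same command as in the answer. CLI output is discarded so that nothing it prints
# ends up in logon-script logs. The password is still visible in the process command
# line while splunk.exe runs.
& $splunk edit user admin -password $NewPassword -auth $DefaultAuth *> $null
$code = $LASTEXITCODE   # assumption: splunk.exe exits non-zero when the change fails

if ($code -eq 0) {
    # Record success (timestamp only, never the password); needs write access under $SplunkHome.
    Set-Content -LiteralPath $marker -Value (Get-Date -Format o)
    Write-Output "[$($env:COMPUTERNAME)] admin password changed."
    exit 0
}

# As the answer notes, the command does not run correctly once the default password is gone.
Write-Output "[$($env:COMPUTERNAME)] change failed (exit code $code); default credential may no longer be valid."
exit 1
```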