Getting Data In

Globally change universal forwarder password

Communicator

I have the UF deployed on around 2000 windows clients. Both server and workstation editions. What would be the best way to go about universally changing the default password on these once installed?

1 Solution

SplunkTrust
SplunkTrust

A quick way is to setup a windows scripted input. Inside the scripted input, you run the command:

$SPLUNK_HOME\bin\splunk.exe edit user admin -password $NEWPASSWORD -auth admin:changeme

Once this is run, you can delete the input from the forwarders. It won't run correctly again, because the admin password is now changed. After they have all been updated, you can remove the input. I'm assuming you have Deployment Server

View solution in original post

New Member

/opt/splunkforwarder/bin/splunk edit user admin -password $NEWPASSWORD

This doesn't work - how can I change the password without knowing the default or entered password for the forwarder?

Thanks

0 Karma

Esteemed Legend

Try the "UF password changer" app!

https://splunkbase.splunk.com/app/2722/

Path Finder

There is no documentation available for this app.

0 Karma

Hi @woodcock

I have tried using this app and it does not seem to work out as desired. I have enabled the app but still the forwarder are running with old default password. Am I missing anything here

Regards

0 Karma

Esteemed Legend

Yes, splunk has changed many things about auth/passwords since this app was last updated. I am pretty sure that @scruse is no longer updating it but maybe he will comment.

0 Karma

SplunkTrust
SplunkTrust

A quick way is to setup a windows scripted input. Inside the scripted input, you run the command:

$SPLUNK_HOME\bin\splunk.exe edit user admin -password $NEWPASSWORD -auth admin:changeme

Once this is run, you can delete the input from the forwarders. It won't run correctly again, because the admin password is now changed. After they have all been updated, you can remove the input. I'm assuming you have Deployment Server

View solution in original post

Communicator

I do not have a deployment server. Working on that one this week. I'll do this through a login script. Thank you.

0 Karma