- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Globally change universal forwarder password
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the UF deployed on around 2000 windows clients. Both server and workstation editions. What would be the best way to go about universally changing the default password on these once installed?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A quick way is to setup a windows scripted input. Inside the scripted input, you run the command:
$SPLUNK_HOME\bin\splunk.exe edit user admin -password $NEWPASSWORD -auth admin:changeme
Once this is run, you can delete the input from the forwarders. It won't run correctly again, because the admin password is now changed. After they have all been updated, you can remove the input. I'm assuming you have Deployment Server
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
/opt/splunkforwarder/bin/splunk edit user admin -password $NEWPASSWORD
This doesn't work - how can I change the password without knowing the default or entered password for the forwarder?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try the "UF password changer" app!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no documentation available for this app.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @woodcock
I have tried using this app and it does not seem to work out as desired. I have enabled the app but still the forwarder are running with old default password. Am I missing anything here
Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, splunk has changed many things about auth/passwords since this app was last updated. I am pretty sure that @scruse is no longer updating it but maybe he will comment.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A quick way is to setup a windows scripted input. Inside the scripted input, you run the command:
$SPLUNK_HOME\bin\splunk.exe edit user admin -password $NEWPASSWORD -auth admin:changeme
Once this is run, you can delete the input from the forwarders. It won't run correctly again, because the admin password is now changed. After they have all been updated, you can remove the input. I'm assuming you have Deployment Server
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I do not have a deployment server. Working on that one this week. I'll do this through a login script. Thank you.
Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!
Transform your security operations with Splunk Enterprise Security
Splunk Admins and App Developers | Earn a $35 gift card!
