Getting Data In

What is the user-seed.conf file?

nmensah
Explorer

I'm a bit confused about the user-seed.conf. Based on the documentation provided by Splunk, it seems this is to set up the initial password. Does this apply to Splunk universal forwarders? I am using the Splunk Enterprise version, and when I got to log into the web portion, I do change the default admin password. Do I still need to create a user-seed.conf file and then drop different credentials in there? Splunk doesn't really provide a good context for what this is used for in my opinion.

Here is the documentation I looked at: https://docs.splunk.com/Documentation/Splunk/6.5.0/Admin/User-seedconf

Thanks in advance!

lguinn2
Legend

When you change the Splunk password, either via the GUI or via the CLI, the $SPLUNK_HOME/etc/passwd file is updated and thereafter user-seed.conf is ignored.

However, if $SPLUNK_HOME//etc/passwd is ever deleted, user-seed.conf will again specify the default admin login password.

So the answer is - no, you don't need to set user-seed.conf unless you plan on removing your passwd file!

nmensah
Explorer

Thank you for the answer. So does this mean that if I change the initial password on the deployment server or indexer, I don't need to drop the user-seed.conf file in the forwarder?

0 Karma

lguinn2
Legend

I am not sure I understand what you mean. Changing the password of the deployment server or the indexer has no effect on the password of any forwarder.

You must change the password on each splunk instance. If you are not going to change the password on the forwarder, then you should use the user-seed.conf file. It is not encrypted, so the password will appear in clear text. That's pretty lame but I guess it beats leaving the password set to changeme

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...