We are attempting to change the password across all Universal forwarders using the command found in this link which references this command:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
Everything seems to run with no errors, however, how do we validate the password was actually changed to the correct one?
Prior to the change I would remotely browse a host with a UF (https://IP ADDRESS:8089) > Click on services > enter admin followed by default password and it would proceed to authenticate me.
After the password change I would follow the same process but instead the password box kept re-occurring after every password attempt indicating that the password may not have been set correctly.
How would we validate that the actual password has been changed on the UF?
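
One way to script the check described in the question, as an added example that is not part of the original post and not Splunk's own tooling. It assumes curl is installed, that splunkd accepts HTTP basic auth on `/services/server/info` at port 8089, and that the forwarder still presents its default self-signed certificate; the function names and the `UF_PASS` variable are hypothetical.

```shell
#!/bin/sh
# Added example: confirm which admin password a Universal Forwarder accepts
# by authenticating to its management port instead of using a browser.

# Map an HTTP status (curl reports 000 when no response arrived) to a verdict.
classify_status() {
    case "$1" in
        200) echo "accepted" ;;       # credentials are valid
        401) echo "rejected" ;;       # wrong password, or login refused
        000) echo "unreachable" ;;    # no TCP/TLS connection, or timeout
        *)   echo "unexpected:$1" ;;  # anything else needs a manual look
    esac
}

# Try one user/password pair against one forwarder and print the verdict.
# The credentials go to curl as a config line on stdin, so they do not
# show up in the process list or need a second layer of shell quoting.
# Limitation: a password containing '"' or '\' must be escaped for curl.
check_uf_password() {
    host=$1; user=$2; pass=$3
    # -k: skip certificate validation (assumes the default self-signed cert)
    code=$(printf 'user = "%s:%s"\n' "$user" "$pass" |
        curl -K - -k -s -o /dev/null -w '%{http_code}' --max-time 10 \
             "https://${host}:8089/services/server/info") || true
    classify_status "${code:-000}"
}

# Stand-alone use:  UF_PASS='new-password' sh check_uf.sh <host> admin
# Exit status is 0 only when the forwarder accepted the password.
if [ "$#" -eq 2 ]; then
    verdict=$(check_uf_password "$1" "$2" "${UF_PASS:?set UF_PASS first}")
    echo "$1: $verdict"
    [ "$verdict" = "accepted" ]
fi
```

Setting `UF_PASS` inside single quotes keeps a `$` in the password literal, the same quoting the `splunk edit user` command above relies on.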