Installation

How do we validate Splunk UF password change?

bbaker070
Observer

We are attempting to change the password across all Universal forwarders using the command found in this link which references this command:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

 

Everything seems to run with no errors, however, how do we validate the password was actually changed to the correct one?

 

Prior to the change I would remotely browse a host with a UF (https://IP ADDRESS:8089) > Click on services > enter admin followed by default password and it would proceed to authenticate me.

 

After the password change I would follow the same process but instead the password box kept re-occurring after every password attempt indicating that the password may not have been set correctly.

 

How would we validate that the actual password has been change on the UF?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...