How to Retrieve Splunk admin password



In our Splunk Architecture Indexers were setup in 2015 and now we need to put manual detention on one of the indexers but I am not able to do this as I don't know the admin password.

Can someone please help to retrieve.


Labels (3)
Tags (1)
0 Karma



change the admin password and restart the service then you can able to put the server in manulal detention.Please follow the below steps.

open the command prompt/terminal of your system. Find the passwd file( $SPLUNK_HOME/etc/passwd ) of Splunk and rename it as passwd.bk.

mv /opt/splunk/etc/passwd  /opt/splunk/etc/passwd.bk

Create a .conf file names user-seed.conf  in your $SPLUNK_HOME/etc/system/local directory.

 cd /opt/splunk/etc/system/local/user-seed.conf




/opt/splunk/bin/splunk restart

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...