In our Splunk Architecture Indexers were setup in 2015 and now we need to put manual detention on one of the indexers but I am not able to do this as I don't know the admin password.
Can someone please help to retrieve.
change the admin password and restart the service then you can able to put the server in manulal detention.Please follow the below steps.
open the command prompt/terminal of your system. Find the passwd file( $SPLUNK_HOME/etc/passwd ) of Splunk and rename it as passwd.bk.
mv /opt/splunk/etc/passwd /opt/splunk/etc/passwd.bk
Create a .conf file names user-seed.conf in your $SPLUNK_HOME/etc/system/local directory.