Installation

How to Retrieve Splunk admin password

ramprakash
Explorer

Hi,

In our Splunk Architecture Indexers were setup in 2015 and now we need to put manual detention on one of the indexers but I am not able to do this as I don't know the admin password.

Can someone please help to retrieve.

B.R

Labels (3)
Tags (1)
0 Karma

Vardhan
Contributor

Hi,

change the admin password and restart the service then you can able to put the server in manulal detention.Please follow the below steps.

open the command prompt/terminal of your system. Find the passwd file( $SPLUNK_HOME/etc/passwd ) of Splunk and rename it as passwd.bk.

mv /opt/splunk/etc/passwd  /opt/splunk/etc/passwd.bk

Create a .conf file names user-seed.conf  in your $SPLUNK_HOME/etc/system/local directory.

 cd /opt/splunk/etc/system/local/user-seed.conf

[user_info]

USERNAME=admin

PASSWORD=<new_password>

/opt/splunk/bin/splunk restart

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...