Installation

How to Retrieve Splunk admin password

ramprakash
Explorer

Hi,

In our Splunk Architecture Indexers were setup in 2015 and now we need to put manual detention on one of the indexers but I am not able to do this as I don't know the admin password.

Can someone please help to retrieve.

B.R

Labels (3)
Tags (1)
0 Karma

Vardhan
Contributor

Hi,

change the admin password and restart the service then you can able to put the server in manulal detention.Please follow the below steps.

open the command prompt/terminal of your system. Find the passwd file( $SPLUNK_HOME/etc/passwd ) of Splunk and rename it as passwd.bk.

mv /opt/splunk/etc/passwd  /opt/splunk/etc/passwd.bk

Create a .conf file names user-seed.conf  in your $SPLUNK_HOME/etc/system/local directory.

 cd /opt/splunk/etc/system/local/user-seed.conf

[user_info]

USERNAME=admin

PASSWORD=<new_password>

/opt/splunk/bin/splunk restart

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.