Good morning all,
I have an issue/question that I hope someone here can possibly help me with.
Here is my situation: while trying to get the latest version of Splunk up and running, I discovered there is already an older version (501) running on another Windows server that I have responsibility for. That older version must have been installed by the previous admin as I have no information (usernames or passwords) for this installation, so I have no idea what it’s doing. I did manage to connect to it via the default url (xxx.xxx.xxx:8089), but that’s as far as I can get without any userid or passwords.
So here’s my question(s):
a) is there any way to “recover” those credentials?
b) If I were to just install the latest version over this current installation, what would happen? Would that original configuration remain intact?… would I still need those original credentials to save it or would everything just get blown away for the new install?
Thanks in advance and any suggestions would be greatly appreciated.
To reset the admin password -
- Take a backup of $SPLUNK_HOME/etc/passwd file as passwd.bak and Restart splunk.
- After the restart you should be able to login using the default login (admin/changeme).
If there any accounts already created then you can copy those entries from passwd.bak file into the new passwd file and restart splunk.