Hi, Towards Splunk tool installation completion step, when I accept the license and start Splunk service I was asked to create a login which was successful and completed the installation process.
When I launch <> it will ask me to enter the login details used while creating the account if it is the first time login.
Splunk is not accepting login details created during the installation time.
I tried admin/changeme as well and it did not work.
Am I missing something? Please advise.
Thanks in advance.
Hi indut,
from the version 7.1.0, at installation you have to define the admin password, it isn't yet "changeme".
When you install Splunk Enterprise, you must create a username and password for your administrator account. If you do not specify any arguments when you install the software, it prompts you to create a username and a password during the installation process.
If you do not create the password during installation, an unusable installation can occur. This can happen, for example, if you use the --no-prompt Splunk CLI argument for starting Splunk Enterprise and also do not provide an administrator password in user-seed.conf. In such a case, you must create the administrator credentials manually for the instance to be accessible.
If you upgrade from an older version of Splunk Enterprise, the installation uses the old administrator credentials.
( see https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Secureyouradminaccount )
If you don't remember your admin password, you can reset it following these steps:
Prior 7.1.0
After 7.1.0
splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password="
Bye.
Giuseppe
i was unable to login with my credentials can u pls help me
Have you tried resetting the admin password?
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Secureyouradminaccount
You must have the ability to write to the underlying password file ($SPLUNK_HOME/etc/passwd).
splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=<your password>"
You must restart Splunk Enterprise after making this change.
Thank you Zuehlaa for your quick reply.
I tried to update the passwd with the command provided above by opening passwd via vi editor and updated the above command but I was unable make use of <>/<> that I have updated in passwd file using vi editor.
I followed another approach by moving passwd file as a passwd.back and then updated as below using splunk docs reference:
Edit the $SPLUNK_HOME/etc/system/local/user-seed.conf file as follows:
[user_info]
USERNAME = admin
PASSWORD =
then I did below verification and I could login successfully.
To verify this I tried to login using
./splunk login auth --admin:<>
Hi indut,
from the version 7.1.0, at installation you have to define the admin password, it isn't yet "changeme".
When you install Splunk Enterprise, you must create a username and password for your administrator account. If you do not specify any arguments when you install the software, it prompts you to create a username and a password during the installation process.
If you do not create the password during installation, an unusable installation can occur. This can happen, for example, if you use the --no-prompt Splunk CLI argument for starting Splunk Enterprise and also do not provide an administrator password in user-seed.conf. In such a case, you must create the administrator credentials manually for the instance to be accessible.
If you upgrade from an older version of Splunk Enterprise, the installation uses the old administrator credentials.
( see https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Secureyouradminaccount )
If you don't remember your admin password, you can reset it following these steps:
Prior 7.1.0
After 7.1.0
splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password="
Bye.
Giuseppe
Thank you Gcusello for your quick reply.
I tried to update the passwd with the command provided above
splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password="
by opening passwd via vi editor and updated the above command.
Somehow I was unable make use of new <>/<> that I have updated as per the above command launching passwd file vi editor.
I followed another approach that you have suggested above by moving passwd file as a passwd.back and then updated as below using splunk docs reference:
Edit the $SPLUNK_HOME/etc/system/local/user-seed.conf file as follows:
[user_info]
USERNAME = admin
PASSWORD =
then I did below verification and I could login successfully.
./splunk login -auth admin admin/<>