AWS Splunk Enterprise new EC2 instance login help

bt2025
Explorer

NEED HELP: Not able to sign-in with default password

On 11OCT2025, I tried launching a brand new Splunk Enterprise v10.0.1 from AMI into AWS EC2.

The ASK: Is there a way for me to change the default password via SSH?

If my AWS EC2 instance ID = "i-1234567890abcdefg"

On the Splunk web-console "http://a.b.c.d:8000"

username=admin

Attempted these default passwords with NO success.

SPLUNK-1234567890abcdefg
SPLUNK-i-1234567890abcdefg
SPLUNK-$1234567890abcdefg$
SPLUNK-$i-1234567890abcdefg$
 
 

livehybrid
SplunkTrust

Hi @bt2025 

The other replies give info on how to reset the password, but to confirm what the password *should* be...

The password for the user 'admin' should be SPLUNK-i-1234567890abcdefg

However - the error you are getting "Server Error" is not the same as password incorrect failure. Please can you use the developer console in your browser to see what the full response to the login request is using the Network tab? 


bt2025
Explorer

Thank you so very much!

Firstly, for dispelling the default AWS EC2 default password format of SPLUNK-$instanceID$.

Net, you are absolutely right that the "server error" was not due to an incorrect password login.

Just for background info for other community explorers: This EC2 was deployed in us-east-1 with c5.xlarge.

I took the path of the workarounds given by the other Splunk community contributor(s) but initially it did not work. Due to time constraints (too late on Saturday night), I gave up for the night.

The next day (Sunday), I tried the workarounds again, BAM! Works!

Net-net, I reckoned there was a long delay between when the EC2 instance is READY "3/3 checks passed" and when it was actually SplunkD ready.

Thus, if other community readers encounter the same problem, please let your (Splunk v10) EC2 instance sit and simmer for a while before pulling your hair out on why the default password does NOT work.

Again, cheers always and continue happy splunk'ing!


thahir
Contributor

@bt2025 

Please follow the below steps to reset the Splunk login

1. Navigate to the Splunk configuration directory

<Splunk installation directory>/splunk/etc/

2. Back up the existing password file

mv passwd passwd.backup

3. Go to the local system configuration folder

<Splunk installation directory>/splunk/etc/system/local/

4. Create a new file named user-seed.conf

Add the following contents inside the file (replace <newpassword> with your desired password):

[user_info]
USERNAME = admin
PASSWORD = <newpassword>

5. Restart Splunk from the command line

<Splunk installation directory>/splunk/bin/splunk restart

bt2025
Explorer

Thank you, this workaround works!


kiran_panchavat
SplunkTrust

@bt2025 You can reset your admin password 

Find the passwd file for your instance (/opt/splunk/etc/passwd) and rename it to passwd.bk

Create a file named user-seed.conf in your /opt/splunk/etc/system/local/ directory.

In the file add the following text:

[user_info]
PASSWORD = NEW_PASSWORD

In the place of "NEW_PASSWORD" insert the password you would like to use.

Restart Splunk Enterprise and use the new password to log into your instance from Splunk Web.

https://splunk.my.site.com/customer/s/article/Reset-admin-password-for-Splunk-Instance-via-REST-API 

 


bt2025
Explorer

Thank you, this workaround works!
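
The reset steps described in the replies above, as an added example (not code from the thread or from Splunk): it moves passwd aside under a timestamped name and writes user-seed.conf readable only by its owner, since that file holds the new password in clear text. The /opt/splunk path and file names come from the thread; the function names and the constructed demo directory are assumptions.

```shell
#!/bin/sh
# Added example: stage an admin password reset via user-seed.conf.
# Assumed layout (from the thread): <home>/etc/passwd, <home>/etc/system/local/.
set -eu

stage_admin_reset() {
    splunk_home=$1
    new_password=$2
    etc_dir="$splunk_home/etc"
    seed="$etc_dir/system/local/user-seed.conf"

    [ -d "$etc_dir/system/local" ] || { echo "not a Splunk home: $splunk_home" >&2; return 1; }

    # An empty password, or one containing a newline, would produce a broken
    # or multi-line stanza; refuse it instead of writing the file.
    case $new_password in
        '' | *'
'*) echo "refusing empty or multi-line password" >&2; return 1 ;;
    esac

    # Move passwd aside under a timestamped name so a second run cannot
    # overwrite the backup taken by the first.
    if [ -f "$etc_dir/passwd" ]; then
        mv "$etc_dir/passwd" "$etc_dir/passwd.backup.$(date +%Y%m%d%H%M%S)"
    fi

    # The seed file holds the password in clear text: create it owner-only.
    (
        umask 077
        printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$new_password" > "$seed"
    )
    chmod 600 "$seed"
    echo "$seed"
}

# Demo against a constructed directory tree (not a real installation).
demo() {
    home=$(mktemp -d)
    mkdir -p "$home/etc/system/local"
    echo 'admin:constructed-hash-placeholder' > "$home/etc/passwd"
    stage_admin_reset "$home" 'Constructed-Passw0rd!' >/dev/null
    echo "$home"
}

# Real use: sh reset.sh /opt/splunk "$NEW_PASSWORD", then restart Splunk
# with /opt/splunk/bin/splunk restart as described in the thread.
[ "$#" -ne 2 ] || stage_admin_reset "$1" "$2"
```

Run it as the account that owns the Splunk installation so the restarted splunkd can read the seed file.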
