Security

Can I rename a user without deleting and recreating the user?

New Member

For my customers i have added multiple users to run searches and create dashboards. Now an users name has changed and i have to rename the login name for this user.

Is there another way to change the login name of an user other than deleting and recreating?

If i am forced to delete and recreate the user, how can i preserve the users content?

I have a Search Head Cluster ..

0 Karma

Path Finder

As adonio mentioned, copy the user’s directory from $SPLUNK_HOME/etc/users to the sh cluster deployer (in $SPLUNK_HOME/etc/shcluster/users) and rename it to the new username.

Then, you will need to edit $SPLINK_HOME/etc/passwd on each sh cluster member and change the username in there.
You will have to restart the search heads for this change to take effect ( this might happen automatically when you apply the shcluster-bundle from the deployer)

0 Karma

SplunkTrust
SplunkTrust

are these native users? e.g. configured via splunk gui not ldap / ad ?
to preserve the user content, navigate to etc/users/UserName on the search head and copy content
hope it helps

0 Karma

New Member

Yes, these are native users, created with "splunk add user ..."
Can it be renamed?

Do I have to do the copy on all search heads?

0 Karma

SplunkTrust
SplunkTrust

you can copy the content of a user (from one of the search heads) and put it on the Deployer at .../ets/shcluster/users and deploy the configurations to the search heads

0 Karma