For my customers i have added multiple users to run searches and create dashboards. Now an users name has changed and i have to rename the login name for this user.
Is there another way to change the login name of an user other than deleting and recreating?
If i am forced to delete and recreate the user, how can i preserve the users content?
I have a Search Head Cluster ..
As adonio mentioned, copy the user’s directory from $SPLUNK_HOME/etc/users to the sh cluster deployer (in $SPLUNK_HOME/etc/shcluster/users) and rename it to the new username.
Then, you will need to edit $SPLINK_HOME/etc/passwd on each sh cluster member and change the username in there.
You will have to restart the search heads for this change to take effect ( this might happen automatically when you apply the shcluster-bundle from the deployer)