Can I rename a user without deleting and recreatin...

HeL42 · ‎12-12-2017

For my customers i have added multiple users to run searches and create dashboards. Now an users name has changed and i have to rename the login name for this user.

Is there another way to change the login name of an user other than deleting and recreating?

If i am forced to delete and recreate the user, how can i preserve the users content?

I have a Search Head Cluster ..

baldwintm · ‎12-13-2017

As adonio mentioned, copy the user’s directory from $SPLUNK_HOME/etc/users to the sh cluster deployer (in $SPLUNK_HOME/etc/shcluster/users) and rename it to the new username.

Then, you will need to edit $SPLINK_HOME/etc/passwd on each sh cluster member and change the username in there.
You will have to restart the search heads for this change to take effect ( this might happen automatically when you apply the shcluster-bundle from the deployer)

adonio · ‎12-12-2017

are these native users? e.g. configured via splunk gui not ldap / ad ?
to preserve the user content, navigate to etc/users/UserName on the search head and copy content
hope it helps

HeL42 · ‎12-12-2017

Yes, these are native users, created with "splunk add user ..."
Can it be renamed?

Do I have to do the copy on all search heads?

adonio · ‎12-12-2017

you can copy the content of a user (from one of the search heads) and put it on the Deployer at .../ets/shcluster/users and deploy the configurations to the search heads

Can I rename a user without deleting and recreating the user?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!