Security

Can I rename a user without deleting and recreating the user?

HeL42
Engager

For my customers I have added multiple users to run searches and create dashboards. Now a user's name has changed and I have to rename the login name for this user.

Is there another way to change the login name of a user other than deleting and recreating?

If I am forced to delete and recreate the user, how can I preserve the user's content?

I have a Search Head Cluster.

baldwintm
Path Finder

As adonio mentioned, copy the user’s directory from $SPLUNK_HOME/etc/users to the sh cluster deployer (in $SPLUNK_HOME/etc/shcluster/users) and rename it to the new username.

Then, you will need to edit $SPLUNK_HOME/etc/passwd on each sh cluster member and change the username in there.
You will have to restart the search heads for this change to take effect (this might happen automatically when you apply the shcluster-bundle from the deployer).

0 Karma
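The two file operations described in the answer above, sketched as an added example that is not part of the original thread and is not Splunk's own tooling. It assumes that `etc/passwd` is colon-separated with the username in the second field, and that usernames are limited to letters, digits, `.`, `_` and `-` (a conservative restriction chosen for this sketch); the function names are hypothetical, and restarting the search heads and applying the bundle are left to the operator.

```shell
#!/bin/sh
# Added example: function names, the passwd layout and the allowed
# username characters are assumptions stated in the lead-in.

# Accept only simple names, so a username cannot escape the users
# directory or inject extra fields into the colon-separated passwd line.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*|.|..) return 1 ;;
        *) return 0 ;;
    esac
}

# stage_user_dir SRC_USERS_DIR DEPLOYER_USERS_DIR OLD NEW
# Copies SRC/OLD to DEPLOYER/NEW and refuses to overwrite an existing NEW.
stage_user_dir() {
    src=$1 dst=$2 old=$3 new=$4
    valid_name "$old" && valid_name "$new" || return 2
    [ -d "$src/$old" ] || return 3
    [ ! -e "$dst/$new" ] || return 4   # would merge into another user's content
    mkdir -p "$dst" && cp -Rp "$src/$old" "$dst/$new"
}

# rename_passwd_entry PASSWD_FILE OLD NEW
# Rewrites field 2 of the matching line only; every other line is untouched.
rename_passwd_entry() {
    file=$1 old=$2 new=$3
    valid_name "$old" && valid_name "$new" || return 2
    # Refuse if NEW already has an entry (two accounts would share one name).
    awk -F: -v u="$new" '$2 == u { f = 1 } END { exit !f }' "$file" && return 4
    awk -F: -v u="$old" '$2 == u { f = 1 } END { exit !f }' "$file" || return 3
    cp -p "$file" "$file.bak" || return 1   # backup with original mode and times
    tmp="$file.tmp.$$"
    # The file holds password hashes, so the rewritten copy is created 0600.
    ( umask 077
      awk -F: -v OFS=: -v o="$old" -v n="$new" \
          '$2 == o { $2 = n } { print }' "$file" > "$tmp"
    ) && mv "$tmp" "$file"
}
```

Return codes: 2 for a rejected name, 3 when the old user is not found, 4 when the new name is already taken.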

adonio
Ultra Champion

Are these native users, e.g. configured via the Splunk GUI, not LDAP / AD?
To preserve the user content, navigate to etc/users/UserName on the search head and copy the content.
Hope it helps.

0 Karma

HeL42
Engager

Yes, these are native users, created with "splunk add user ..."
Can it be renamed?

Do I have to do the copy on all search heads?

0 Karma

adonio
Ultra Champion

You can copy the content of a user (from one of the search heads), put it on the Deployer at .../etc/shcluster/users and deploy the configurations to the search heads.

0 Karma