Security

Can't log in to splunk

Explorer

i have a slightly different problem. About an hour or two ago, i logged in into Splunk and configured my own password. I tried logging in using my username and password but it says: Invalid username or password.
I am 100% sure i typed my accountname and password correct!
please help!
I also tried using the default username and password, this doesen't work either.

1 Solution

Splunk Employee
Splunk Employee

not sure why your configured password isn't working, but you can start over:

1) stop Splunk (./splunk stop)

2) make a backup of $SPLUNK_HOME/etc/passwd, then remove that file.

3) restart Splunk and log in again with the default admin/changeme.

if you have other (working) users defined in the system, you can copy them out of your backed-up copy of the passwd file and paste them back in after you restart.

View solution in original post

Explorer

After reading as similar post here I used 'admin' and the password I originally set up for my user. Not obvious after first logging in successfully with my own un and pw, then the same un and pw failing after a restart, but there you go.

0 Karma

Explorer

I know this thread is old but it is the first to pop up on Google.

In my case I had performed the following steps on my AWS Splunk Enterprise instance:

  1. Cloned admin account
  2. On the cloned admin account setup a named user.
  3. Stored credentials in a password manager.
  4. Logged out of the admin account and logged in with new admin account.
  5. Deleted the default admin account.

I didn't have any issues but after updating the instance and rebooting I could not login - "Invalid Username or Password"

I was about to perform the steps provided by @piebob but did the following instead. Also, I notice $SPLUNK_HOME is referenced a lot on these boards but I think there are people who aren't sure where the home path hence the reason for my find command - I might be easy to mix up the OS /etc/passwd file.

sudo find / -name passwd
sudo cat /opt/splunk/etc/passwd
sudo cp /opt/splunk/etc/passwd /opt/splunk/etc/passwd.BACKUP
sudo /opt/splunk/bin/splunk stop
sudo /opt/splunk/bin/splunk start

After stopping and starting again I could login normally. If I didn't have a million other things to do I would troubleshoot but for now, I can login.

0 Karma

Explorer

your reply sparked my solution, it was the administrator account with my own password!

stupid me!

Explorer

Same problem. Not obvious at all! But this answer is correct.

0 Karma

Explorer

so, here's what happened:

I got a mail from a comment on my post asking: Can you log in as administrator?

So i thought by myself: i havent tried using my own password and administrator accunt.
that worked!

Thanks for helping me, i'm fairly new to splunk, and the whole IT world, with just 2 years of education but big plans in the future!

Splunk Employee
Splunk Employee

not sure why your configured password isn't working, but you can start over:

1) stop Splunk (./splunk stop)

2) make a backup of $SPLUNK_HOME/etc/passwd, then remove that file.

3) restart Splunk and log in again with the default admin/changeme.

if you have other (working) users defined in the system, you can copy them out of your backed-up copy of the passwd file and paste them back in after you restart.

View solution in original post

Super Champion

Can you login as admin?
Are there any other users with admin rights?

0 Karma