The first time I went to login, I got the error message. I did the admin/changeme dance - got in no problem.
Timed out and Splunk said I need to log in again.
I have made several attempts to log in but cannot. I tried the admin/changeme dance again - NO LUCK!
SO - I went to the website, splunk.com and was able to log in with my user name and password on the website.
I STILL CANNOT LOG INTO MY SPLUNK SERVER ON MY LAPTOP.
Whats up with that?
Any good, quick solutions would be greatly appreciated.
@Mus where do i type those commands?
Its really hard to understand why they have not fixed this issue already. It has been bugging me for 2 days and i have been completely unable to proceed. I am new user and i have a very bad experience already.
THIS IS DANGER ZONE, FOLLOW THIS ON YOUR OWN RISK!!! You will loose all users and passwords!!!
If you are really lost and Damien's answer didn't help, then here is a way to go:
stop splunk - move your passwd file - start splunk
this way you will get back default
passwd file and therefore get back default password for user admin.
So if you really want to do this and restore default password for admin proceed like this:
hope this helps and don't blame me if you lost all your users....I warned you before.
following MuS' suggestion is a valid workaround - if your're using username/password 😉
If you have multiple users, you can actually copy them from your old passwd file, into the new.
@SteveKihiu, the second command simply moves the user file in Splunk which is
$SPLUNK_HOME/etc/passwd to a different file
$SPLUNK_HOME/etc/myOldPasswd in this case.
After the next restart of Splunk, Splunk will re-create a default
$SPLUNK_HOME/etc/passwd which only contains the admin user with the default