Solved: How can I change the admin password before splunk ...

Alan_Bradley · ‎03-19-2010

Is there a way to change the splunk admin password from the command line when splunk isn't running?

Anytime I do a splunk install on our servers where splunk is on the net, I have to go manipulate firewall rules twice because splunk comes up with a default password. I'd really love to set that password to a specific one before I start splunk the first time.

matt · ‎03-19-2010

You should add a new stanza in etc/user-seed.conf before first start.

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/User-seedconf

View solution in original post

dougmartin · ‎01-28-2016

To get rid of the "first time logging in?" messsage on the web app just touch $SPLUNK_HOME/etc/.ui_login

source: https://answers.splunk.com/answers/5543/how-can-i-remove-the-first-time-logging-in-hint-in-the-login... used "splunk edit user admin" but when the web app next comes up it does the whole "first time signing in" and change password which is annoying.

BunnyHop · ‎03-21-2010

You can also start the splunk instance and then run the command

splunk edit user admin -password YOURNEWPASSWORD -auth admin:changeme

then restart the splunk instance: splunk restart

I have this on a batch file for deployment.

matt · ‎03-19-2010

You should add a new stanza in etc/user-seed.conf before first start.

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/User-seedconf

How can I change the admin password before splunk is started the first time?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases