Solved: How to Reset the Admin password?

Lionel · ‎03-23-2010

I just realized that I lost the Admin password and I need a way to access the system, with my Admin credentials.

cbreshears_splu · ‎05-01-2018

How to do this in 7.1 + :

Stop Splunk Enterprise
Find the passw file for your instance ($SPLUNK_HOME/etc/passwd) and rename it to passwd.bk
Create a file named user-seed.conf in your $SPLUNK_HOME/etc/system/local/ directory.
In the file add the following text:

[user_info]
PASSWORD = NEW_PASSWORD

In the place of "NEW_PASSWORD" insert the password you would like to use.
Start Splunk Enterprise and use the new password to log into your instance from Splunk Web.
If you previously created other users and know their login details, copy and paste their credentials from the passwbk file into the passwd file and restart Splunk.

Versions prior to 7.1 :

Stop Splunk Enterprise
Find the passw file for your instance ($SPLUNK_HOME/etc/passw) and rename it to passw.bk
Start Splunk Enterprise and login to your instance from Splunk Web using the default credentials of admin/changeme.
You will be asked to enter a new password for your admin account.
If you previously created other users and know their login details, copy and paste their credentials from the passw.bk file into the passwd file and restart Splunk.

View solution in original post

bramuno · ‎07-23-2024

small note to add, since v9.x the password complexity is enforced in the user-seed.conf file as well. So be sure the new password is at least 8ch long or whatever your complexity requirements are. If the new etc/passwd file is not created, then check splunkd.log file for the failure reason.

preactivity · ‎05-15-2019

We can reset both username(admin) and password to whatever we want.

Changing admin password:

Identify /etc folder of your splunk installation and rename passwd file to passwd.back (you can rename to anything we want)
In the same etc folder, navigate to /System/local folder and create a file user-seed.conf. This configuration should have the latest password.

[user_info]
USERNAME = admin
PASSWORD = changeme (you can enter whatever you want)
restart the splunk. Now you will see a new passwd file will be created with admin as username and encrypted password.
At this stage you should be able to login to Splunk with UserName as admin and Password as changme

Rename the default username:
-> we can go to etc folder and open passwd file and there we can rename the admin to whatever name we want.

You can refer to below video for the instructions.

https://www.youtube.com/watch?v=pJferqpXcsc&t=16s

matthewmurphy · ‎03-24-2023

just used this in march2023 and can confirm it works in splunk 9.x

cheers

bandit · ‎08-14-2020

Thanks for the updated answer @preactivity 🙂 as most of the older answers are no longer valid on the newer Splunk releases.

Rob

mleegoebel · ‎01-18-2019

For CentOS 6.x with splunk forwarder version 7.2.1 I use the following commands to update the passwords of splunk users.

   service splunk stop
   /path/to/splunkforwarder/bin/splunk edit user <username> -password <new_password>
   service splunk start

, service splunk stop
/path/to/splunkforwarder/bin/splunk edit user -password
service splunk start

hythyt · ‎06-01-2018

Thanks "amielke ". , I had a same problem like chippysplunk.
finally , i changed my password in user.seed.conf file as below :

 [user_info]
 USERNAME = admin
 PASSWORD = myPassword

woodcock · ‎07-13-2018

And then on reboot, admin gets recreated with the new password?

amielke · ‎05-09-2018

Hi,

the solution with user-seed.conf was helpful.
I create the config-file in the folder $Splunk_HOME$/etc/system/local, like this:

[user_info]
USERNAME = admin
PASSWORD = myPassword

After a restart, the login was successful with this credintials.

hythyt · ‎06-01-2018

it worked!... for 7.1

amielke · ‎05-02-2018

Hi,

I've read the steps, but unfortunately I don't want it that way. I renamed the passwd file, rebooted the system. I still can't login with admin and changeme. Splunk does not create a new passwd file for me either. There is also no standard initial login screen with admin and changeme.
Anybody have an idea?

cbreshears_splu · ‎05-02-2018

amielke, are you using 7.1? If so, read the accepted answer. You will need to set the password in the user-seed.conf file.

cbreshears_splu · ‎05-01-2018

How to do this in 7.1 + :

Stop Splunk Enterprise
Find the passw file for your instance ($SPLUNK_HOME/etc/passwd) and rename it to passwd.bk
Create a file named user-seed.conf in your $SPLUNK_HOME/etc/system/local/ directory.
In the file add the following text:

[user_info]
PASSWORD = NEW_PASSWORD

In the place of "NEW_PASSWORD" insert the password you would like to use.
Start Splunk Enterprise and use the new password to log into your instance from Splunk Web.
If you previously created other users and know their login details, copy and paste their credentials from the passwbk file into the passwd file and restart Splunk.

Versions prior to 7.1 :

Stop Splunk Enterprise
Find the passw file for your instance ($SPLUNK_HOME/etc/passw) and rename it to passw.bk
Start Splunk Enterprise and login to your instance from Splunk Web using the default credentials of admin/changeme.
You will be asked to enter a new password for your admin account.
If you previously created other users and know their login details, copy and paste their credentials from the passw.bk file into the passwd file and restart Splunk.

qapabli · ‎12-22-2023

Here is a more complete process from Splunk

https://docs.splunk.com/Documentation/Splunk/9.1.2/Security/Secureyouradminaccount

robert_b_lay · ‎01-29-2020

Thanks! This was exactly what I needed!

VatsalJagani · ‎06-17-2019

@cbreshears_splunk - How about search head cluster?

cbreshears_splu · ‎06-17-2019

You will want to do this on your deployer to sync across your deployment:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Resetapasswordinadistributedenvironment

vinkumar_splunk · ‎09-18-2018

This worked. THanks

season88481 · ‎05-30-2018

Thanks. The file name is passwd not passw BTW.

cbreshears_splu · ‎05-30-2018

Thanks, changed to reflect correct name.

kinjalmistry · ‎05-14-2018

Thank you. This worked.

How to Reset the Admin password?

login

How to do this in 7.1 + :

Versions prior to 7.1 :

https://www.youtube.com/watch?v=pJferqpXcsc&t=16s

How to do this in 7.1 + :

Versions prior to 7.1 :

Announcing the Expansion of the Splunk Academic Alliance Program

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)