Security

How to Reset the Admin password?

Lionel
Splunk Employee
Splunk Employee

I just realized that I lost the Admin password and I need a way to access the system, with my Admin credentials.

Labels (1)
1 Solution

cbreshears_splu
Splunk Employee
Splunk Employee

How to do this in 7.1 + :

Stop Splunk Enterprise
Find the passw file for your instance ($SPLUNK_HOME/etc/passwd) and rename it to passwd.bk
Create a file named user-seed.conf in your $SPLUNK_HOME/etc/system/local/ directory.
In the file add the following text:

[user_info]
PASSWORD = NEW_PASSWORD

In the place of "NEW_PASSWORD" insert the password you would like to use.
Start Splunk Enterprise and use the new password to log into your instance from Splunk Web.
If you previously created other users and know their login details, copy and paste their credentials from the passwbk file into the passwd file and restart Splunk.

Versions prior to 7.1 :

Stop Splunk Enterprise
Find the passw file for your instance ($SPLUNK_HOME/etc/passw) and rename it to passw.bk
Start Splunk Enterprise and login to your instance from Splunk Web using the default credentials of admin/changeme.
You will be asked to enter a new password for your admin account.
If you previously created other users and know their login details, copy and paste their credentials from the passw.bk file into the passwd file and restart Splunk.

View solution in original post

hythyt
Engager

thanks this worked !....

0 Karma

Swatikeshari
New Member

mv /opt/splunk/etc/passwd /opt/splunk/etc/passwd.bak
mv: cannot move '/opt/splunk/etc/passwd' to '/opt/splunk/etc/passwd.bak': Permission denied

Why I am getting this error?

0 Karma

reddyo
New Member

Swati, You should try with root, splunk user doesn't have root permissions else add splunk user as NOPASSWD in sudoers file with root user as below and try again

vi /etc/sudoers ( with root user)

XXX ALL=(ALL) NOPASSWD:ALL here XXX is user name.

hope it should work 🙂

-Om

0 Karma

Swatikeshari
New Member

I have installed splunk in my Linux Ubuntu system. I have forgot the admin password and now I am trying to retrieve it but I am not able to find the passwd file under /splunk/etc directory
Please help me on this.

0 Karma

chippysplunk
New Member

I renamed Password file into password.bak and restarted splunk.
Still I am not able to login with "admin/changeme".alt text

0 Karma

MITHCHAND
New Member

!- This is for Windows 7 -!

  1. Open cmd and goto c:\Program Files\Splunk\bin>
  2. Stop splunk service using the command
    c:\Program Files\Splunk\bin> splunk stop

  3. Reset the admin password using the command as below
    c:\Program Files\Splunk\bin>splunk edit user admin -password newPassword -role admin -auth admin:changeme

  4. Start the splunk service
    c:\Program Files\Splunk\bin> splunk start

  5. Open URL https://localhost:8000 and user the credentials as admin/newPassword

0 Karma

owaisenfo
Engager

Hi, This question has been asked several times because the answer is bit confusing. It says moving passwd file to passwd.bak. What does this mean??

I can find passwd file but what is this passdw.bak? and where to find it, must be a folder where this file will be moved? Or do we have to just change the fle extension?

Please help, Thanks.

0 Karma

chskm
Path Finder

Hi Owaisenfo,

It's nothing but to rename to the passwd file to passwd.bak

Saikrishna

0 Karma

bmunson_splunk
Splunk Employee
Splunk Employee

This is an old answer and only works prior to V7.1. For all other versions read cbreshears_splunk Answer

Yes. Just rename it with a .bak extension, restart and use the default password of "changeme"

0 Karma

chskm
Path Finder

Hi Owaisenfo,

It's nothing but to rename to the passwd file to passwd.bak

Saikrishna

0 Karma

reddyo
New Member

JUst rename the passwd file and restart 🙂

0 Karma

matt
Splunk Employee
Splunk Employee

To reset the admin password you will need to have access to the file system:
- move the $SPLUNK_HOME/etc/passwd file to passwd.bak
- restart splunk. After the restart you should be able to login using the default login (admin/changeme).

If you created other user accounts, copy those entries from the backup file into the new passwd file and restart splunk.

mspuranik
Engager

Hey, I tried this but it does not seem to work. It says wrong password upon entering 'changeme'. By 'moving' passwd to passwd.bak do you mean renaming it? (I'm using Windows OS, not using any command shell). Please help.

bpitts2
Path Finder

Yes, you need to rename the file and then restart the splunk service.

eappan
New Member

If you are installing a splunk server (search, index, deploy) likely the splunk client software is running and using the same port. You need to remove the the following file:

mv /opt/splunkforwarder/etc/passwd /opt/splunkforwarder/etc/passwd.bak

Or

On Ubuntu
dpkg -l splunkforwarder (list the package)
dpkg -r splunkforwarder (remove the package)

Try login after, it should take admin/changeme.

0 Karma

joposos
New Member

I cannot find a passwd file under $SPLUNK_HOME/etc. I'm unable to login to splunk the first time itself with admin and change me credentials

Jophy

0 Karma

tirher
New Member

It´s very simple 😉

Thanks brother !!

0 Karma

jdomin30
New Member

I have mac, would it be the same for me?

0 Karma

Junnilly
New Member

I know iSeePassword windows password recovery program can reset password for Widows 7,8 and 10.
but you need a USB or DVD.
ttp://www.iseepassword.com/how-to-reset-windows-7-password.html

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...