To reset the admin password you will need to have access to the file system:
- move the
$SPLUNK_HOME/etc/passwd file to
- restart splunk. After the restart you should be able to login using the default login (
If you created other user accounts, copy those entries from the backup file into the new passwd file and restart splunk.
I cannot find a passwd file under $SPLUNK_HOME/etc. I'm unable to login to splunk the first time itself with admin and change me credentials
If you are installing a splunk server (search, index, deploy) likely the splunk client software is running and using the same port. You need to remove the the following file:
dpkg -l splunkforwarder (list the package)
dpkg -r splunkforwarder (remove the package)
Try login after, it should take admin/changeme.
Hey, I tried this but it does not seem to work. It says wrong password upon entering 'changeme'. By 'moving' passwd to passwd.bak do you mean renaming it? (I'm using Windows OS, not using any command shell). Please help.
Hi, This question has been asked several times because the answer is bit confusing. It says moving passwd file to passwd.bak. What does this mean??
I can find passwd file but what is this passdw.bak? and where to find it, must be a folder where this file will be moved? Or do we have to just change the fle extension?
Please help, Thanks.