Security

Is there a way to copy over existing users and their roles to new a Splunk instance?

pb0543
Explorer

I am building out a new instance of splunk on new servers. I want to know is their a way to port over the existing user and their roles to the new splunk instance. The new instance is on a Linux server. Is there a way to tar up the existing user/roles on the old instance and port to the new instance.

Tags (2)
0 Karma

pb0543
Explorer

I am now getting this error:
Can't read key file /mnt/splunk/splunk/etc/auth/server.pem errno=101077092 error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.
Couldn't initialize SSL Context for HTTPClient in ServerConfig
cannot find non-empty stack=enterprise for pool=auto_generated_pool_enterprise, skipping
Where config files do I need to re-enter my password to let Splunk re-encrypt it.

0 Karma

pb0543
Explorer

/etc/app/*/local, /etc/users, /etc/passwd, /etc/system/local/server.conf, etc/auth/splunk.secret.

Should I just copy the server.pem pem file to server.pem_old, restart splunk and let it generate it again?

0 Karma

rphillips_splk
Splunk Employee
Splunk Employee

it sounds like your password from the old instance was copied to the new instance in $SPLUNK_HOME/etc/system/local/server.conf. You can re-enter the correct password originally set on the new instance and restart splunk or reset back to default by pasting this into $SPLUNK_HOME/etc/system/local/server.conf on the new instance:
(paste everything as it appears below)
[sslConfig]
enableSplunkdSSL = true
sslKeysfile = server.pem
sslKeysfilePassword = password
caCertFile = cacert.pem
caPath = $SPLUNK_HOME/etc/auth

http://docs.splunk.com/Documentation/Splunk/6.2.6/Security/SecureSplunktoSplunkcommunicationsusingth...

restart splunk on the new instance

0 Karma

rphillips_splk
Splunk Employee
Splunk Employee

If re-entering the correct password, just update sslKeysfilePassword and restart splunk

0 Karma

rphillips_splk
Splunk Employee
Splunk Employee

what files did you copy over to the new instance?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...