New forwarder: An Admin password is required???

New Member

Running V7.1, but just Installed a new forwarder and received this response: This appears to be your first time running this version of Splunk. An Admin password must be set before installation proceeds. Password must contain at least: * 8 total printable ASCII character(s). Please enter a new password: Please confirm new password:; Is this a new feature? What password is being requested?

Tags (1)
0 Karma


From v7.1, Splunk requires you to set the admin password, because else people tend to stick with changeme 😉
You can put in whatever password you like, but make sure to remember it.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

Loves-to-Learn Lots

when do we even use this forwarder admin/pass?

0 Karma


On a forwarder it's rare that I've used it, other than checking the status of the tailingProcessor and such.

0 Karma

Loves-to-Learn Lots

So its ok leave it to default in that case?

0 Karma


I would not leave it may not be used often but it can be exploited for bad things. For example, somebody connecting to it with the default username/password, pointing it to a rogue deployment server, pushing down scripts to run in context of the splunk user and possibly owning the box.

On the UF's, we set a random password for the admin account and disable the management port.

Have a look at this .conf session from a couple years back:

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...