Hi, I do not have programming knowledge.
And now I forgot my Splunk Enterprise password.
Can someone help to guide me through how to reset the password?
What exactly I need to do and the path I needed to input?
Thank you and really appreciate your help.
If you have local access to the server, you can do this from commandline. Password must be at least 8 characters.
splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=YourPasswordHere"
If you are on Splunk 7.1 then the method of recovering from an "I forgot the password for admin" situation is different. Prior to 7.1 just the absence of $SPLUNK_HOME/etc/passwd caused Splunk to reset the password to changeme. But on 7.1 there is an additional step.
[user_info]and specify the admin user and what password you wish to use.
Sample $SPLUNK_HOME//etc/system/local/user-seed.conf file
USERNAME = admin
PASSWORD = password
* Password must meet complexity requirements. [See the docs].
I copied my Development Spunk v6.x passwd file to Splunk v7.1, and I managed to use the v6.x admin password to get back in to Splunk v7.
Is there any way to stop Splunk v7 from insisting on using the new password naming rules?
To reset the admin password:
This no longer is sufficient in Splunk 7.1 and forward. You get no users exist message when you try to login again. See additional posts for this to create user-seed.conf which is case sensitive
Have you restarted the Splunk service since making this change?