Splunk Admin Password

New Member

I have renamed passwd.bkg to passwd and restarted Splunk, but I am still not able to reset my password using admin and changeme.

0 Karma

Splunk Employee

Hi, I do not have programming knowledge.
And now I forgot my Splunk Enterprise password.
Can someone help to guide me through how to reset the password?
What exactly do I need to do, and what path do I need to input?
Thank you and really appreciate your help.

0 Karma


If you have local access to the server, you can do this from the command line. The password must be at least 8 characters.

splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=YourPasswordHere"


If you are on Splunk 7.1 then the method of recovering from an "I forgot the password for admin" situation is different. Prior to 7.1 just the absence of $SPLUNK_HOME/etc/passwd caused Splunk to reset the password to changeme. But on 7.1 there is an additional step.

  1. You need to save the $SPLUNK_HOME/etc/passwd file, removing the original.
  2. You need to edit a file called $SPLUNK_HOME/etc/system/local/user-seed.conf (this will probably be a new file).
  3. You need to add a stanza called [user_info] and specify the admin user and what password you wish to use.
  4. Then restart Splunk. This will generate a new $SPLUNK_HOME/etc/passwd file.
  5. If you had something other than vanilla in the passwd file (other lines, other admin users) you need to put them back into the new passwd file and restart Splunk again.

Sample $SPLUNK_HOME/etc/system/local/user-seed.conf file with the [user_info] stanza:

[user_info]
USERNAME = admin
PASSWORD = password

  * Password must meet complexity requirements. See the docs.


This method works in 7.1+.  It worked for me.

0 Karma
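
The 7.1+ procedure from the answer above, staged as a shell script. This is an added example, not part of any post in this thread and not Splunk's own tooling. The helper names, the refusal to overwrite an existing passwd.bak, the /opt/splunk path in the usage line and the assumed ":name:hash:..." layout of passwd lines are assumptions.

```shell
#!/bin/sh
# Added example, not Splunk's tooling. seed_admin and leftover_users are
# hypothetical helper names. Run with Splunk stopped.

# seed_admin SPLUNK_HOME USER PASSWORD  (steps 1-3)
seed_admin() {
    home=$1; user=$2; pass=$3
    seed="$home/etc/system/local/user-seed.conf"
    [ -d "$home/etc" ] || { echo "no etc/ under $home" >&2; return 1; }
    # The thread gives a minimum of 8 characters; validate before touching files.
    [ "${#pass}" -ge 8 ] || { echo "password shorter than 8 characters" >&2; return 1; }
    if [ -f "$home/etc/passwd" ]; then
        # Never overwrite an earlier backup: it may hold the only copy of other users.
        [ ! -e "$home/etc/passwd.bak" ] || { echo "passwd.bak already exists" >&2; return 1; }
        mv "$home/etc/passwd" "$home/etc/passwd.bak" || return 1   # step 1
    fi
    mkdir -p "$home/etc/system/local" || return 1
    (
        umask 077        # the seed file holds a cleartext password: owner-only
        rm -f "$seed"    # recreate so the umask applies even if the file existed
        # Stanza and keys exactly as in the sample above; they are case sensitive.
        printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$user" "$pass" > "$seed"
    ) || return 1
    echo "wrote $seed; restart Splunk now (step 4)"
}

# leftover_users SPLUNK_HOME USER  (step 5)
# Prints saved passwd lines for accounts other than USER, to merge back into
# the regenerated file. Assumes colon-separated lines of the form ":name:hash:...".
leftover_users() {
    [ -f "$1/etc/passwd.bak" ] || return 0
    awk -F: -v u="$2" 'NF > 2 && $2 != u' "$1/etc/passwd.bak"
}

# Usage: seed_admin /opt/splunk admin 'NewPassw0rd-here' && leftover_users /opt/splunk admin
```

If user-seed.conf is still present after the restart, delete it, since it holds the password in cleartext.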



I have Splunk 7.1, on which I am performing the steps as described, but I still cannot log on.




My situation was a bit different. I was not able to log in after installing version 7.1 lab. The steps here did work. Thanks.

0 Karma

Path Finder

I copied my Development Splunk v6.x passwd file to Splunk v7.1, and I managed to use the v6.x admin password to get back into Splunk v7.
Is there any way to stop Splunk v7 from insisting on using the new password naming rules?

0 Karma


this procedure is retarded...
thanks for clarifying it tho!


To reset the admin password:

  • Stop splunk service
  • Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak
  • Start Splunk. After the restart you should be able to login using the default login (admin/changeme).
0 Karma

Path Finder


How can I rename the admin account for a Splunk dev license? As it's a dev license, it allows only a single user to be created, and now I want to change the name of this ID.

Is there any way?

0 Karma

Super Champion

Just rename passwd file with a .bak extension and restart

0 Karma

Splunk Employee

This is no longer sufficient in Splunk 7.1 and forward. You get a "no users exist" message when you try to log in again. See the additional posts on creating user-seed.conf, which is case sensitive.

0 Karma

New Member

Have tried it and does not work

0 Karma


Have you restarted the Splunk service since making this change?

0 Karma