I have renamed passwd.bkg to passwd and restart splunk but still not able to reset my password using admin and changeme
Hi, I do not have programming knowledge.
And now I forgot my Splunk Enterprise password.
Can someone help to guide me through how to reset the password?
What exactly I need to do and the path I needed to input?
Thank you and really appreciate your help.
If you have local access to the server, you can do this from commandline. Password must be at least 8 characters.
splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=YourPasswordHere"
If you are on Splunk 7.1 then the method of recovering from an "I forgot the password for admin" situation is different. Prior to 7.1 just the absence of $SPLUNK_HOME/etc/passwd caused Splunk to reset the password to changeme. But on 7.1 there is an additional step.
[user_info]
and specify the admin user and what password you wish to use.Sample $SPLUNK_HOME//etc/system/local/user-seed.conf file [user_info]
stanza
[user_info]
USERNAME = admin
PASSWORD = password
* Password must meet complexity requirements. [See the docs][1].
This method works in 7.1+. It worked for me.
Hi
I have a Splunk 7.1, on which I am performing the steps as described, but I still cannot logon.
regards
Altin
My situation was bit different. I was not able to login after installing version 7.1 lab. The steps here did work. Thanks.
I copied my Development Spunk v6.x passwd file to Splunk v7.1, and I managed to use the v6.x admin password to get back in to Splunk v7.
Is there any way to stop Splunk v7 from insisting on using the new password naming rules?
this procedure is retarded...
thanks for clarifying it tho!
To reset the admin password:
Hi,
How can I rename the admin account name for Splunk dev license. As it's dev license it allows single user to be created and now I want to change the name of this id.
Is there any way?
Just rename passwd file with a .bak
extension and restart
This no longer is sufficient in Splunk 7.1 and forward. You get no users exist message when you try to login again. See additional posts for this to create user-seed.conf which is case sensitive
Have tried it and does not work
Have you restarted the Splunk service since making this change?