Splunk Admin Password

New Member

I have renamed passwd.bkg to passwd and restart splunk but still not able to reset my password using admin and changeme

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

Hi, I do not have programming knowledge.
And now I forgot my Splunk Enterprise password.
Can someone help to guide me through how to reset the password?
What exactly I need to do and the path I needed to input?
Thank you and really appreciate your help.
Splunk pw.PNG

0 Karma


If you have local access to the server, you can do this from commandline. Password must be at least 8 characters.

splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=YourPasswordHere"


If you are on Splunk 7.1 then the method of recovering from an "I forgot the password for admin" situation is different. Prior to 7.1 just the absence of $SPLUNK_HOME/etc/passwd caused Splunk to reset the password to changeme. But on 7.1 there is an additional step.

  1. You need to save the $SPLUNK_HOME/etc/passwd file, removing the original.
  2. You need to edit a file called $SPLUNK_HOME/etc/system/local/user-seed.conf (this will probably be a new file).
  3. You need to add a stanza called [user_info] and specify the admin user and what password you wish to use.
  4. Then restart Splunk. This will generate a new $SPLUNK_HOME/etc/passwd file.
  5. If you had something other than vanilla in the passwd file (other lines, other admin users) you need to put them back into the new passwd file and restart Splunk again.

Sample $SPLUNK_HOME//etc/system/local/user-seed.conf file [user_info] stanza

USERNAME = admin
PASSWORD = password

      * Password must meet complexity requirements. [See the docs][1].


This method works in 7.1+.  It worked for me.

0 Karma



I have a Splunk 7.1, on which I am performing the steps as described, but I still cannot logon.




My situation was bit different. I was not able to login after installing version 7.1 lab. The steps here did work. Thanks.

0 Karma

Path Finder

I copied my Development Spunk v6.x passwd file to Splunk v7.1, and I managed to use the v6.x admin password to get back in to Splunk v7.
Is there any way to stop Splunk v7 from insisting on using the new password naming rules?

0 Karma


this procedure is retarded...
thanks for clarifying it tho!


To reset the admin password:

  • Stop splunk service
  • Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak
  • Start Splunk. After the restart you should be able to login using the default login (admin/changeme).
0 Karma

Path Finder


How can I rename the admin account name for Splunk dev license. As it's dev license it allows single user to be created and now I want to change the name of this id.

Is there any way?

0 Karma

Super Champion

Just rename passwd file with a .bak extension and restart

0 Karma

Splunk Employee
Splunk Employee

This no longer is sufficient in Splunk 7.1 and forward. You get no users exist message when you try to login again. See additional posts for this to create user-seed.conf which is case sensitive

0 Karma

New Member

Have tried it and does not work

0 Karma


Have you restarted the Splunk service since making this change?

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...