Security

What is the default splunk user password in Unix after install?

jwertheim
Explorer

I was having some issues and decided to change the splunk user password, but now I can't start my Splunk instance at all due to permission denied errors.

I'd prefer not to reinstall but that might be my only option.

I've Googled around quite a bit but can't find any info on what the default splunk user password on Unix would be.

**This is not for the default Splunk Web admin user. This is for the actual Unix user, 'splunk'.

jkat54
SplunkTrust
SplunkTrust

sudo passwd splunk

There isnt a default user for splunk. So if you've installed it under a user account named 'splunk', then you need your unix admins to change the password for the account. The permission denied errors would only occur if you changed owner of the files, or started splunk as the root user when it was previously owned by a user named splunk. Every time splunk starts it will take ownership of some files, or tries to... lock files, pid files, indexes, etc. So if you install as "splunk", then start it as "root", then stop it as "root", then switch to the "splunk" user and run $SPLUNK_HOME/bin/splunk start, it will fail due to permission issues. The fix there would be sudo chown -Rf splunk. $SPLUNK_HOME

Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...