Security

What is the default splunk user password in Unix after install?

jwertheim
Explorer

I was having some issues and decided to change the splunk user password, but now I can't start my Splunk instance at all due to permission denied errors.

I'd prefer not to reinstall but that might be my only option.

I've Googled around quite a bit but can't find any info on what the default splunk user password on Unix would be.

**This is not for the default Splunk Web admin user. This is for the actual Unix user, 'splunk'.

jkat54
SplunkTrust
SplunkTrust

sudo passwd splunk

There isnt a default user for splunk. So if you've installed it under a user account named 'splunk', then you need your unix admins to change the password for the account. The permission denied errors would only occur if you changed owner of the files, or started splunk as the root user when it was previously owned by a user named splunk. Every time splunk starts it will take ownership of some files, or tries to... lock files, pid files, indexes, etc. So if you install as "splunk", then start it as "root", then stop it as "root", then switch to the "splunk" user and run $SPLUNK_HOME/bin/splunk start, it will fail due to permission issues. The fix there would be sudo chown -Rf splunk. $SPLUNK_HOME

Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...