Security

What is the default splunk user password in Unix after install?

jwertheim
Explorer

I was having some issues and decided to change the splunk user password, but now I can't start my Splunk instance at all due to permission denied errors.

I'd prefer not to reinstall but that might be my only option.

I've Googled around quite a bit but can't find any info on what the default splunk user password on Unix would be.

**This is not for the default Splunk Web admin user. This is for the actual Unix user, 'splunk'.

jkat54
SplunkTrust
SplunkTrust

sudo passwd splunk

There isnt a default user for splunk. So if you've installed it under a user account named 'splunk', then you need your unix admins to change the password for the account. The permission denied errors would only occur if you changed owner of the files, or started splunk as the root user when it was previously owned by a user named splunk. Every time splunk starts it will take ownership of some files, or tries to... lock files, pid files, indexes, etc. So if you install as "splunk", then start it as "root", then stop it as "root", then switch to the "splunk" user and run $SPLUNK_HOME/bin/splunk start, it will fail due to permission issues. The fix there would be sudo chown -Rf splunk. $SPLUNK_HOME

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...