Security

What is the default splunk user password in Unix after install?

jwertheim
Explorer

I was having some issues and decided to change the splunk user password, but now I can't start my Splunk instance at all due to permission denied errors.

I'd prefer not to reinstall but that might be my only option.

I've Googled around quite a bit but can't find any info on what the default splunk user password on Unix would be.

**This is not for the default Splunk Web admin user. This is for the actual Unix user, 'splunk'.

jkat54
SplunkTrust
SplunkTrust

sudo passwd splunk

There isnt a default user for splunk. So if you've installed it under a user account named 'splunk', then you need your unix admins to change the password for the account. The permission denied errors would only occur if you changed owner of the files, or started splunk as the root user when it was previously owned by a user named splunk. Every time splunk starts it will take ownership of some files, or tries to... lock files, pid files, indexes, etc. So if you install as "splunk", then start it as "root", then stop it as "root", then switch to the "splunk" user and run $SPLUNK_HOME/bin/splunk start, it will fail due to permission issues. The fix there would be sudo chown -Rf splunk. $SPLUNK_HOME

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...