Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- admin password on command line
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The splunkweb front end (webserver) is disabled. How can I check the admin password from the command line?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you mean changing the admin password? For example:
./splunk edit user admin -password foo -role admin -auth admin:changeme
This command changes the admin password from changeme to foo.
Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
or
./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can't decrypt the password if that's what you're asking.
You can reset it: http://answers.splunk.com/questions/834/how-could-i-reset-the-admin-password
Or just try logging in from the command line:
splunk login
Another option would be to try logging in via the REST API. Here's an example: http://answers.splunk.com/questions/8940/how-can-i-run-searches-against-the-splunk-api
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you mean changing the admin password? For example:
./splunk edit user admin -password foo -role admin -auth admin:changeme
This command changes the admin password from changeme to foo.
Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
or
./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this process will expose the new password in clear text in the servers history. Is there a way of doing this without exposing the password? (other than doing it on one server then deleteing the history and then copy the passwd file to all other servers than need their password changed from the default)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
history -c will deleate all your CLI history 😄
cheers
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this
# read -s 'pw?password: '; echo; splunk edit user admin -password "$pw" -role admin -auth admin:changeme
password:
User admin edited.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
