Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

admin password on command line

steinerdani
Engager
‎12-01-2010 03:10 PM

The splunkweb front end (webserver) is disabled. How can I check the admin password from the command line?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

MarioM
Motivator
‎12-01-2010 04:18 PM

Do you mean changing the admin password? For example:

./splunk edit user admin -password foo -role admin -auth admin:changeme

This command changes the admin password from changeme to foo.

Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

or

./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme

View solution in original post

Reply
Solved! Jump to solution

southeringtonp
Motivator
‎12-01-2010 04:19 PM

You can't decrypt the password if that's what you're asking.

You can reset it: http://answers.splunk.com/questions/834/how-could-i-reset-the-admin-password

Or just try logging in from the command line:

splunk login

Another option would be to try logging in via the REST API. Here's an example: http://answers.splunk.com/questions/8940/how-can-i-run-searches-against-the-splunk-api

Reply
Solved! Jump to solution
Solution

MarioM
Motivator
‎12-01-2010 04:18 PM

Do you mean changing the admin password? For example:

./splunk edit user admin -password foo -role admin -auth admin:changeme

This command changes the admin password from changeme to foo.

Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

or

./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme
Reply
Solved! Jump to solution

suttonj
Engager
‎03-04-2015 08:11 AM

this process will expose the new password in clear text in the servers history. Is there a way of doing this without exposing the password? (other than doing it on one server then deleteing the history and then copy the passwd file to all other servers than need their password changed from the default)

Reply
Solved! Jump to solution

ThomasControlw1
Explorer
‎03-10-2017 07:48 AM

history -c will deleate all your CLI history 😄
cheers

0 Karma
Reply
Solved! Jump to solution

corydodt
Engager
‎06-20-2016 06:36 PM

Try this

# read -s 'pw?password: '; echo; splunk edit user admin -password "$pw" -role admin -auth admin:changeme
password: 
User admin edited.
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
Top