Security

admin password on command line

steinerdani
Engager

The splunkweb front end (webserver) is disabled. How can I check the admin password from the command line?

Tags (1)
1 Solution

MarioM
Motivator

Do you mean changing the admin password? For example:

./splunk edit user admin -password foo -role admin -auth admin:changeme

This command changes the admin password from changeme to foo.

Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

or

./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme

View solution in original post

southeringtonp
Motivator

You can't decrypt the password if that's what you're asking.

You can reset it: http://answers.splunk.com/questions/834/how-could-i-reset-the-admin-password

Or just try logging in from the command line:

splunk login

Another option would be to try logging in via the REST API. Here's an example: http://answers.splunk.com/questions/8940/how-can-i-run-searches-against-the-splunk-api

MarioM
Motivator

Do you mean changing the admin password? For example:

./splunk edit user admin -password foo -role admin -auth admin:changeme

This command changes the admin password from changeme to foo.

Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

or

./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme

suttonj
Engager

this process will expose the new password in clear text in the servers history. Is there a way of doing this without exposing the password? (other than doing it on one server then deleteing the history and then copy the passwd file to all other servers than need their password changed from the default)

ThomasControlw1
Explorer

history -c will deleate all your CLI history 😄
cheers

0 Karma

corydodt
Engager

Try this

# read -s 'pw?password: '; echo; splunk edit user admin -password "$pw" -role admin -auth admin:changeme
password: 
User admin edited.
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...