remove passwd file from /etc but can't initial the password for splunk again, why?

New Member

1, delete the passwd with non-root account
2, splunk stop and splunk start again
3, try to login in web browser with initial account(admin, changeme) but failed,

what's the possible reason for that?

0 Karma


which version of Splunk are you using?

If you are using latest version of splunk i.e. 7.1 then follow this steps from the below link:


To reset the admin password:

1)Stop splunk service

2)Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak

3)Start Splunk.
After the restart you should be able to login using the default login (admin/changeme).
Let me know if this helps!

0 Karma