1, delete the passwd with non-root account
2, splunk stop and splunk start again
3, try to login in web browser with initial account(admin, changeme) but failed,
what's the possible reason for that?
which version of Splunk are you using?
If you are using latest version of splunk i.e. 7.1 then follow this steps from the below link:
To reset the admin password:
1)Stop splunk service
2)Move the $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak
After the restart you should be able to login using the default login (admin/changeme).
Let me know if this helps!