Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Changed account password that runs splunkd and receiving this unauthorized error

chipps
Loves-to-Learn
‎05-03-2022 01:01 PM

I will be the first to admit I am by no means even a novice in SPLUNK. I am trying to fix an issue that was recently created due to the need to update a service account password that is associated with SPLUNK.

We recently changed the password to the account that runs the splunkd service.  the service started back up without any issues, however when I attempt to log into the SPLUNK webapp I get an unauthorized error. It seems like an obvious authentication issue but due to my lack of knowledge with SPLUNK and how it is setup I am not even sure where to begin looking.

SplunkWeb_Error.PNG

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-03-2022 01:18 PM

Which account did you change?  There's the OS account that runs Splunk and there are accounts you use to sign in as a Splunk user.  Both types are "associated with Splunk".  HOW did you make that change?

Changing the password on the OS account running Splunk has no effect on any user accounts within the product.  Try using the old password.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

chipps
Loves-to-Learn
‎05-03-2022 01:29 PM

It is an account that runs the SPLUNK service. It is not the account that is used to log in to the SPLUNK web. 

The account was password was changed in AD. The splunkd service was then stopped. We then went to administrative tools --> services --> properties of the splunkd service --> log on tab --> and updated the password there. We were able to start the service without an issues but the web interface is inaccessible.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-03-2022 02:19 PM

To reiterate, changes made to passwords in the OS do not affect the Splunk sign-in password.

Try using the previous password to sign in to Splunk UI.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...