Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Changed account password that runs splunkd and receiving this unauthorized error

chipps
Loves-to-Learn
‎05-03-2022 01:01 PM

I will be the first to admit I am by no means even a novice in SPLUNK. I am trying to fix an issue that was recently created due to the need to update a service account password that is associated with SPLUNK.

We recently changed the password to the account that runs the splunkd service.  the service started back up without any issues, however when I attempt to log into the SPLUNK webapp I get an unauthorized error. It seems like an obvious authentication issue but due to my lack of knowledge with SPLUNK and how it is setup I am not even sure where to begin looking.

SplunkWeb_Error.PNG

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-03-2022 01:18 PM

Which account did you change?  There's the OS account that runs Splunk and there are accounts you use to sign in as a Splunk user.  Both types are "associated with Splunk".  HOW did you make that change?

Changing the password on the OS account running Splunk has no effect on any user accounts within the product.  Try using the old password.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

chipps
Loves-to-Learn
‎05-03-2022 01:29 PM

It is an account that runs the SPLUNK service. It is not the account that is used to log in to the SPLUNK web. 

The account was password was changed in AD. The splunkd service was then stopped. We then went to administrative tools --> services --> properties of the splunkd service --> log on tab --> and updated the password there. We were able to start the service without an issues but the web interface is inaccessible.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-03-2022 02:19 PM

To reiterate, changes made to passwords in the OS do not affect the Splunk sign-in password.

Try using the previous password to sign in to Splunk UI.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...