Hello @xzp521 , you can try this
a) Move the existing passwd file: $SPLUNK_HOME/etc/passwd to a backup location.
b) Create a user-seed.conf file in $SPLUNK_HOME/etc/system/local containing the username and new password
USERNAME = admin
PASSWORD = <password>
c) Restart Splunk and login with above set credentials.
d) A new set of pwd will be created by Splunk in etc/passwd file and user-seed.conf file should be deleted by Splunk. Now, merge the backup of passwd file with new etc/passwd file with