Re: Log in to Splunk Web as a user in the admin ro...

xzp521 · ‎08-19-2020

My Enterprise Trial license has expired. How can I log into Splunk Web as the admin use? I don't know the username and password.

---- Below is steps to switch licensing ----

You can change from the Enterprise Trial license to a Free license at any time. To switch licenses:

Log in to Splunk Web as a user in the admin role
Select Settings > Licensing
Click Change License Group
Select Free license
Click Save
You are prompted to restart
If your Enterprise Trial license has expired, use the above procedure except that you can only log into Splunk Web as the admin user. No other credentials will work.

Nisha18789 · ‎08-19-2020

Hello @xzp521 , you can try this

a) Move the existing passwd file: $SPLUNK_HOME/etc/passwd to a backup location.
b) Create a user-seed.conf file in $SPLUNK_HOME/etc/system/local containing the username and new password
[user_info]
USERNAME = admin
PASSWORD = <password>
c) Restart Splunk and login with above set credentials.
d) A new set of pwd will be created by Splunk in etc/passwd file and user-seed.conf file should be deleted by Splunk. Now, merge the backup of passwd file with new etc/passwd file with

How to log in to Splunk Web as an admin after trial license has expired and forgotten credentials?

other

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup