Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk password issue

uagraw01
Motivator
‎04-17-2023 08:03 AM

I am getting below error. Although I have changed my password & user name from user-seed.conf. But still it is showing below error.

uagraw01_0-1681743763165.png

But when I am login to UI, below are the error I am getting. Please help me how to fix this error.

uagraw01_0-1681743624386.png

 

 

Labels (1)
Labels
0 Karma
Reply

woodcock
Esteemed Legend
‎04-17-2023 11:01 AM

If no users exist that means that the $SPLUNK_HOME/etc/passwd file is missing.  To create a new admin user, you can use user-seed.conf and it is very easy.   Just double check your steps here:
https://docs.splunk.com/Documentation/Splunk/latest/Security/Secureyouradminaccount

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-17-2023 08:21 AM 
# If the $SPLUNK_HOME/etc/passwd file is present,
the settings in this file (user-seed.conf) are not used
0 Karma
Reply

uagraw01
Motivator
‎04-17-2023 08:23 AM

@PickleRick 
No passwd file is generating after restarting of the Splunk.

uagraw01_0-1681745004108.png

 

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎04-17-2023 09:57 AM

As @PickleRick said you cannot have .../<SPLUNK_HOME>/etc/passwd file. If you have then you could use e.g.

Create admin credentials for automated installations with the 'hash-passwd' CLI command

to generate hashed password and add/change it into passwd file as already proposed.

r. Ismo

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-17-2023 08:17 AM

Did you restart your splunk instance?

0 Karma
Reply

uagraw01
Motivator
‎04-17-2023 08:18 AM

@PickleRick Yes I have restarted

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎04-17-2023 09:47 AM

To be fully honest, if you already have a working installation, I would just edit etc/passwd manually and insert a hashed password there.

But if you don't have etc/passwd and it's not getting created from user-seed.conf - there must be something wrong. Check the splunkd.log for errors. Permission issues?

0 Karma
Reply

uagraw01
Motivator
‎04-17-2023 10:01 AM

@PickleRick & @isoutamo  It has been fixed. I was used to save the seed file as user-seed.conf. So when I restarted the Splunk it saved as user-seed.conf.conf. So I corrected and saved the file only as user-seed and gives the results as user-seed.conf and generated the passwd  file also.

Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...