Hello @xzp521 , you can try this a) Move the existing passwd file: $SPLUNK_HOME/etc/passwd to a backup location. b) Create a user-seed.conf file in $SPLUNK_HOME/etc/system/local containing the username and new password [user_info] USERNAME = admin PASSWORD = <password> c) Restart Splunk and login with above set credentials. d) A new set of pwd will be created by Splunk in etc/passwd file and user-seed.conf file should be deleted by Splunk. Now, merge the backup of passwd file with new etc/passwd file with
... View more