We are attempting to change the password across all Universal forwarders using the command found in this link which references this command:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
Everything seems to run with no errors, however, how do we validate the password was actually changed to the correct one?
Prior to the change I would remotely browse a host with a UF (https://IP ADDRESS:8089) > Click on services > enter admin followed by default password and it would proceed to authenticate me.
After the password change I would follow the same process but instead the password box kept re-occurring after every password attempt indicating that the password may not have been set correctly.
How would we validate that the actual password has been change on the UF?
... View more