One of the method to resolve the issue is to get the password hashed the same way on each instance. To achieve this, you need to unify your splunk.secret key (in $SPLUNK_HOME/etc/auth/splunk.secret. ) Then when you prepare your config on a separate server that has the same splunk.secret , you restart splunk to apply them, and get the password encrypted in the local folders. Then you can push this pre-hashed file that all the other servers will be able to read. see http://docs.splunk.com/Documentation/Splunk/latest/Security/Deploysecurepasswordsacrossmultipleservers Preferably before you start splunk the first time. Or if you do change it afterward, you will have to clear some files to have them being rehashed. in $SPLUNK_HOME/etc/passwd $SPLUNK_HOME/etc/system/local/server.conf and optionally authentication.conf, outputs.conf, inputs.conf, and other special apps passwords fields. ... View more