Security

How can I change the admin password before splunk is started the first time?

Alan_Bradley
Path Finder

Is there a way to change the splunk admin password from the command line when splunk isn't running?

Anytime I do a splunk install on our servers where splunk is on the net, I have to go manipulate firewall rules twice because splunk comes up with a default password. I'd really love to set that password to a specific one before I start splunk the first time.

Tags (2)
1 Solution

matt
Splunk Employee
Splunk Employee

You should add a new stanza in etc/user-seed.conf before first start.

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/User-seedconf

View solution in original post

dougmartin
Path Finder

To get rid of the "first time logging in?" messsage on the web app just touch $SPLUNK_HOME/etc/.ui_login

source: https://answers.splunk.com/answers/5543/how-can-i-remove-the-first-time-logging-in-hint-in-the-login... used "splunk edit user admin" but when the web app next comes up it does the whole "first time signing in" and change password which is annoying.

0 Karma

BunnyHop
Contributor

You can also start the splunk instance and then run the command

splunk edit user admin -password YOURNEWPASSWORD -auth admin:changeme

then restart the splunk instance: splunk restart

I have this on a batch file for deployment.

matt
Splunk Employee
Splunk Employee

You should add a new stanza in etc/user-seed.conf before first start.

Reference: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/User-seedconf

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...