The splunkweb front end (webserver) is disabled. How can I check the admin password from the command line?
Do you mean changing the admin password? For example:
./splunk edit user admin -password foo -role admin -auth admin:changeme
This command changes the admin password from changeme
to foo
.
Note: Passwords with special characters that would be interpreted by the shell (for example $
or !
) must be either escaped or single-quoted:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
or
./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme
You can't decrypt the password if that's what you're asking.
You can reset it: http://answers.splunk.com/questions/834/how-could-i-reset-the-admin-password
Or just try logging in from the command line:
splunk login
Another option would be to try logging in via the REST API. Here's an example: http://answers.splunk.com/questions/8940/how-can-i-run-searches-against-the-splunk-api
Do you mean changing the admin password? For example:
./splunk edit user admin -password foo -role admin -auth admin:changeme
This command changes the admin password from changeme
to foo
.
Note: Passwords with special characters that would be interpreted by the shell (for example $
or !
) must be either escaped or single-quoted:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
or
./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme
this process will expose the new password in clear text in the servers history. Is there a way of doing this without exposing the password? (other than doing it on one server then deleteing the history and then copy the passwd file to all other servers than need their password changed from the default)
history -c will deleate all your CLI history 😄
cheers
Try this
# read -s 'pw?password: '; echo; splunk edit user admin -password "$pw" -role admin -auth admin:changeme
password:
User admin edited.