How do I reset splunk admin password? I guess I need access to the file system that Splunk is running on in order to modify the password file. The solution from here does not work somehow: splunk admin password
Asked
Active
Viewed 3,776 times
2 Answers
1
The other solution won't work for Splunk version 7.1 and above, due to changes in the way passwords and accounts are managed.
In order to change a forgotten admin password, I have found the easiest method is to perform the following.
- Run
/opt/splunk/bom/splunk hash-passwd 'MySecureP@55word'and save the output - Note that the password needs to meet password complexity requirements, so use something complex
- Stop Splunk
- Edit the password file,
vim /opt/splunk/etc/passwd - Replace the hash after the admin user with the output you saved from the hash-passwd function
- Save the file, and restart Splunk
- You should now be able to login with the new credentials.
For example, something like the following, you would put your saved hash between :admin: and ::Administrator:.
:admin:$6$askdjlakjklj434j2l3jrlkj3l4j23j4l23kj4l23j4l23jljlj5l34jl5kjljasdkljl/bjkhjGHGhjGc679hIJj87asda0lasdbJK::Administrator:admin:changeme@example.com:::12345
Simon Duff
- 2,631
- 2
- 7
- 15
-1
Have another user with the admin role sign in and change the password for user 'admin'.
RichG
- 9,063
- 2
- 18
- 29