Resetting Splunk Admin password depends on the version of Splunk. If we are using Splunk 7.1 and above, then we have to follow the below steps:
- First, we have to stop our Splunk Enterprise
- Now, we need to find the ‘passwd’ file and rename it to ‘passwd.bk’
- Then, we have to create a file named ‘user-seed.conf’ in the below directory:
$SPLUNK_HOME/etc/system/local/
In the file, we will have to use the following command (here, in the place of ‘NEW_PASSWORD’, we will add our own new password):
[user_info]
PASSWORD = NEW_PASSWORD
- After that, we can just restart the Splunk Enterprise and use the new password to log in
Now, if we are using the versions prior to 7.1, we will follow the below steps:
- First, stop the Splunk Enterprise
- Find the passwd file and rename it to ‘passw.bk’
- Start Splunk Enterprise and log in using the default credentials of admin/changeme
- Here, when asked to enter a new password for our admin account, we will follow the instructions
Note: In case we have created other users earlier and know their login details, copy and paste their credentials from the passwd.bk file into the passwd file and restart Splunk.
