Splunk server login

stevengrigg · ‎06-26-2011

I just installed the current version of Splunk on my Fedora Core 14 laptop. There is an option at login for Splunk Server. I have no idea what the password is (neither changeme, nor my user or root passwords work). Can anyone help? Thanks in advance.

LukeMurphey · ‎06-26-2011

Are you referring to logging into Splunk itself or an account on the OS created for Splunk to run under?

If the former, then you can reset the Splunk password by following the steps below (needs filesystem access):

Move the $SPLUNK_HOME/etc/passwd file to passwd.bak
Restart splunk. After the restaringt you should be able to login using the default login (admin/changeme).
If you created other user accounts, copy those entries from the backup file into the new passwd file and restart splunk.

If your looking for the latter (to login using the Splunk account on the OS) then you'll find you will not be able to login into the account that the Splunk installer created since it does not have a valid password defined since the account is only designed to be used by the local Splunk processes. The password for the splunk account in /etc/shadow is usually set to an exclamation mark which prevents anyone from logging in with this password.

stevengrigg · ‎06-27-2011

thanks luke.

Splunk server login

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases