- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Re: admin password on command line
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The splunkweb front end (webserver) is disabled. How can I check the admin password from the command line?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you mean changing the admin password? For example:
./splunk edit user admin -password foo -role admin -auth admin:changeme
This command changes the admin password from changeme to foo.
Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
or
./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can't decrypt the password if that's what you're asking.
You can reset it: http://answers.splunk.com/questions/834/how-could-i-reset-the-admin-password
Or just try logging in from the command line:
splunk login
Another option would be to try logging in via the REST API. Here's an example: http://answers.splunk.com/questions/8940/how-can-i-run-searches-against-the-splunk-api
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you mean changing the admin password? For example:
./splunk edit user admin -password foo -role admin -auth admin:changeme
This command changes the admin password from changeme to foo.
Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:
./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme
or
./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this process will expose the new password in clear text in the servers history. Is there a way of doing this without exposing the password? (other than doing it on one server then deleteing the history and then copy the passwd file to all other servers than need their password changed from the default)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
history -c will deleate all your CLI history 😄
cheers
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this
# read -s 'pw?password: '; echo; splunk edit user admin -password "$pw" -role admin -auth admin:changeme
password:
User admin edited.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
