Forgot the Splunk admin password. How to reset the Splunk admin password.

How do I reset my forgotten admin password in Splunk?

Resetting the Admin Password in Splunk requires file system access.

Backup the $SPLUNK_HOME/etc/passwd file and then delete it.
$ mv $SPLUNK_HOME/etc/passwd $SPLUNK_HOME/etc/passwd.bak

Restart Splunk.
$ $SPLUNK_HOME/bin/splunk restart

Browse to the login page and login with the default user admin and default password changeme.

Note: be sure to cut off external access during this time and change the password ASAP to avoid compromising situations.


Guarding your IT Experience!

Add new comment