Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cannot login - already tried the admin/changeme thing!

manfrmuncle
New Member
‎10-29-2013 08:32 PM

Installed today.

The first time I went to login, I got the error message. I did the admin/changeme dance - got in no problem.

Worked great.

Timed out and Splunk said I need to log in again.

I have made several attempts to log in but cannot. I tried the admin/changeme dance again - NO LUCK!

SO - I went to the website, splunk.com and was able to log in with my user name and password on the website.

I STILL CANNOT LOG INTO MY SPLUNK SERVER ON MY LAPTOP.

Whats up with that?

Any good, quick solutions would be greatly appreciated.

Tags (1)
0 Karma
Reply

SteveKihiu
New Member
‎06-13-2016 02:49 AM

@Mus where do i type those commands?

Its really hard to understand why they have not fixed this issue already. It has been bugging me for 2 days and i have been completely unable to proceed. I am new user and i have a very bad experience already.

0 Karma
Reply

mwant
Explorer
‎02-07-2014 03:00 AM

Worked for me thanks. I upgraded from free to Enterprise and couldn't log in for some reason.

0 Karma
Reply

SteveKihiu
New Member
‎06-13-2016 03:36 AM

What exactly does the second command entail? What exactly is the next step after stopping splunk?

0 Karma
Reply

MuS
Legend
‎10-30-2013 12:57 AM

Hi manfrmuncle,

THIS IS DANGER ZONE, FOLLOW THIS ON YOUR OWN RISK!!! You will loose all users and passwords!!!

If you are really lost and Damien's answer didn't help, then here is a way to go:

stop splunk - move your passwd file - start splunk

this way you will get back default passwd file and therefore get back default password for user admin.

So if you really want to do this and restore default password for admin proceed like this:

  • $SPLUNK_HOME/bin/splunk stop
  • mv $SPLUNK_HONE/etc/passwd $SPLUNK_HOME/etc/myOldPasswd
  • $SPLUNK_HOME/bin/splunk start
  • login as admin/changeme

hope this helps and don't blame me if you lost all your users....I warned you before.

cheers, MuS

Reply

jtough1985
New Member
‎06-10-2018 12:51 PM

I can not find the option to stop Splunk under the /bin/ directory. I'm using windows 7 64x and have the free trial installed if that helps at all. Thanks

0 Karma
Reply

MuS
Legend
‎06-10-2018 02:38 PM

In the splunk/bin directory simply run splunk.exe stop ...

0 Karma
Reply

JensT
Communicator
‎10-30-2013 01:24 AM

Hi,

following MuS' suggestion is a valid workaround - if your're using username/password 😉

If you have multiple users, you can actually copy them from your old passwd file, into the new.

kind regards,

Jens

Reply

SteveKihiu
New Member
‎06-13-2016 03:34 AM

@Mus please be a bit clear on the second command.

0 Karma
Reply

MuS
Legend
‎06-13-2016 01:27 PM

@SteveKihiu, the second command simply moves the user file in Splunk which is $SPLUNK_HOME/etc/passwd to a different file $SPLUNK_HOME/etc/myOldPasswd in this case.
After the next restart of Splunk, Splunk will re-create a default $SPLUNK_HOME/etc/passwd which only contains the admin user with the default changeme password.

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎10-29-2013 09:11 PM

Have you tried the admin/whatyouchangedthechangemepasswordto dance 🙂

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...