I have somewhere between 20-50 universal forwarders installed on Solaris hosts. I need to change the Splunk admin password on each of these machines, and being that I do not have credentials to logon to each of these hosts, I am curious if this can be done remotely.
Thank you.
Hi adamblock1,
One way to do this is using Deployment Server and setup a scripted input. Inside the scripted input, you run the command:
$SPLUNK_HOME/bin/splunk edit user admin -password $NEWPASSWORD -auth admin:changeme
Once this is run, you can delete the input from the forwarders using the Deployment Server.
hope this helps ...
cheers, MuS
Do not be changed in the CLI from SPLUNK server?
>splunk edit user admin -password PASSWORD_NEW -auth admin:PASSWORD_OLD -uri https://HOSTNAME:8089
This command is not usable by the default password.I'm sorry.
The "splunk edit user admin" command works if the default password had been changed. I have found that when these universal forwarders were installed, the default password was never chaged.