Is there any way to recover credentials for a prev...

donaldj · ‎06-23-2015

Good morning all,

I have an issue/question that I hope someone here can possibly help me with.

Here is my situation: while trying to get the latest version of Splunk up and running, I discovered there is already an older version (501) running on another Windows server that I have responsibility for. That older version must have been installed by the previous admin as I have no information (usernames or passwords) for this installation, so I have no idea what it’s doing. I did manage to connect to it via the default url (xxx.xxx.xxx:8089), but that’s as far as I can get without any userid or passwords.

So here’s my question(s):
a) is there any way to “recover” those credentials?
b) If I were to just install the latest version over this current installation, what would happen? Would that original configuration remain intact?… would I still need those original credentials to save it or would everything just get blown away for the new install?

Thanks in advance and any suggestions would be greatly appreciated.

Don

vinitatsky · ‎06-23-2015

To reset the admin password -
- Take a backup of $SPLUNK_HOME/etc/passwd file as passwd.bak and Restart splunk.
- After the restart you should be able to login using the default login (admin/changeme).

If there any accounts already created then you can copy those entries from passwd.bak file into the new passwd file and restart splunk.

donaldj · ‎06-23-2015

@vinitatsky... thanks, I'll give that a try and post the results. Thanks!

vinitatsky · ‎06-25-2015

No prb. Let me know if it works

Is there any way to recover credentials for a previous Splunk installation, and what would happen if I install the latest version over the old one?

upgrade

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases