Add more users
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Add more users
There are three user roles and two different authentication models to choose from when you set up Splunk with an Enterprise license. Users are authenticated using the Splunk server or LDAP.
You must be logged in as a Splunk administrator to add or edit user accounts. The default Admin account password is changeme.
Please note: Splunk with a free license does not enable access control features.
Lost admin password
Should you lose the password to the sole admin account for your installation, contact Splunk Support for assistance in restoring it. For security reasons there is no simple hack to get around a lost password.
User roles
- Admin - can do everything.
- Power User - can create, edit and share Saved Searches and Alerts. Can tag event types and rename source types. Cannot upload files into indexes from the home page. Cannot run python search scripts.
- User - can create and edit his or her own Saved Searches. Cannot tag event types or rename source types. Cannot upload files into indexes from the home page. Cannot run python search scripts.
Splunk local users
As a Splunk Admin, you can create new users either via SplunkWeb or Splunk's CLI.
via SplunkWeb
- To manage users accounts, click the Admin link in the upper right-hand corner:
- Then, click the Users tab:
- To add a new user, click the New User button.
- To edit existing accounts, click the Edit link under the Action heading.
- Enter the new or changed information and then click Save.
via Splunk CLI
From the CLI, you can use the following commands to add, edit, remove or list users.
add user username [-parameter value] ... edit user username [-parameter value] ... remove user username [-parameter value] ... list user username [-parameter value] ...
Required (Default) Parameter:
username -- the name of the Splunk user account to manage.
full-name -- real name of user in quotes, for example "Nikola Tesla" - required when adding a new user.
Optional Parameters:
full-name -- real name of user in quotes, for example "Nikola Tesla"
password -- the password to set for the account
role -- either user, power or admin
Example:
This example assumes you have set a Splunk environment variable. If you have not, you must navigate to $SPLUNK_HOME/bin and run the ./splunk command.
# splunk edit user newbie -password f8h2.$R -auth admin:d3cidr
This example authenticates as user "admin" to change the password for user "newbie."
Please note: You must be logged in as an Admin to make any changes regarding users. You can either login via the splunk login command, or you can use -auth, as exemplified above.
LDAP
User authentication can be managed through LDAP. For the details of the Splunk LDAP integration, see LDAP Authentication.
This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.