Change defaults

Change defaults

Changing the admin default password

Splunk with an Enterprise license has a default administration account and password. It is highly recommended that you change the default. You can do this via the Splunk CLI or SplunkWeb interface.

Please note: CLI commands assume you have set a Splunk environment variable. If you have not, you must navigate to $SPLUNK_HOME/bin and run the ./splunk command.

via SplunkWeb

• Login as admin.
• Click Admin in the top-right of the interface:

• Click the Users tab:

• Under the Action heading click Edit.
• Type in the new information and click Save.

via Splunk CLI

The Splunk CLI command is:

# splunk edit user

Please note: you must authenticate with the existing password before it can be changed. You can do this by logging into Splunk via the CLI or using the -auth parameter.

For example:

# splunk edit user admin -password foo -auth admin:changeme

This command changes the admin password from changeme to foo.

Changing network ports

Splunk uses two ports:

• 8000 - HTTP or HTTPS socket for the SplunkWeb interface
• 8089 - Splunkd management port. Used to communicate with the splunkd daemon. The SplunkWeb interface talks to splunkd on this port, as does the command-line interface and any distributed connections from other servers.

These are the default settings; your installation may be configured differently.

via SplunkWeb

• To change the port settings via SplunkWeb, click the Admin link in the upper right hand corner:

• Then, click the Server tab. Under Settings you can change the port assignments:

via Splunk CLI

To change the port settings via the Splunk CLI, use the CLI command set.

# splunk set  web-port 9000

This command sets the SplunkWeb port to 9000.

# splunk set splunkd-port 9089

This command sets the splunkd port to 9089.

Changing the default Splunk server name

The Splunk server name setting controls both the name displayed within the SplunkWeb interface and the name sent to other Splunk Servers in a distributed setting.

The default name is taken from either the DNS or IP address of the Splunk Server host.

via SplunkWeb

• To change this setting, click the Admin link in the upper right hand corner:

• Then, click the Server tab and modify the Splunk Server name variable under the Settings tab:

via Splunk CLI

To change the server name via the CLI, type the following:

# splunk set servername foo

This command will set the servername to foo.

Changing the datastore location

The datastore is the top-level directory where the Splunk Server stores all indexed data, user accounts, and working files.

Please note: If you change this directory, the server won't migrate old datastore files. It will start over again at the new location.

To migrate your data to another directory follow the instructions in Move an index.

via SplunkWeb

• To change this setting, click the Admin link in the upper right hand corner:

• Then, click the Server tab and modify the Datastore path variable under the Settings tab:

via Splunk CLI

To change the server name via the CLI, type the following:

# splunk set datastore-dir /var/splunk/

This command will set the datastore directory to /var/splunk/.

Set minimum free disk space

The minimum free disk space setting controls how low disk space in the datastore location can fall before Splunk stops indexing.

Splunk will resume indexing when more space becomes available. For detailed information on how to manage Splunk server disk usage, see Disk usage.

via SplunkWeb

• To change this setting, click the Admin link in the upper right hand corner:

• Then, click the Server tab and modify the variable below Pause indexing if free disk space falls below under the Settings tab:

via Splunk CLI

To change the server name via the CLI, type the following:

# splunk set minfreemb 2000

This command will set the minimum free space to 2000 MB.

• Was this topic useful?
• Post a comment