Add more users
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Add more users
There are three default user roles and three different authentication methods to choose from when you set up Splunk with an Enterprise license. Users authenticate with Splunk's built-in system (described below), LDAP or scripted authentication (for third-party auth systems). Either method works with Splunk's roles system.
You must be logged in as a Splunk administrator to add or edit user accounts. The default Admin account password is changeme.
Note: Splunk with a Free license does not contain access control features. To access this page, you must run Splunk with an Enterprise license. For more information, read About Splunk licenses.
Lost admin password
If you lose the password to your admin account, contact Splunk Support for assistance.
Splunk local users
A Splunk Admin can create new users either via Splunk Web or Splunk's CLI. Users can be mapped to Splunk's default roles or any custom roles via authorize.conf
via Splunk Web
- To manage users accounts, click the Admin link in the upper right-hand corner:
- From the left hand navigation list, click Users.
- To add a new user, click the New User button.
- To edit existing accounts, click the Edit link under the Action heading.
- Enter the new or changed information and then click Save.
via Splunk CLI
From the CLI, use the following commands to add, edit, remove, or list users.
add user [-parameter value] ... edit user [-parameter value] ... remove user [-parameter value] ... list user
Required (default) Parameters:
username -- the name of the Splunk user account to manage.
full-name -- the full name of the user in quotes, for example "Nikola Tesla".
role -- either User, Power, or Admin.
Note: The role names are case sensitive.
Optional Parameters:
password -- the password to set for the account.
Examples
The following are examples of editing a user's properties and adding a new user. Only Admin roles can modify user properties. To login, use the splunk login command or -auth, as exemplified in these examples.
Note: These examples assume you have set a Splunk environment variable. If you have not, navigate to $SPLUNK_HOME/bin and run the ./splunk command.
Example 1
Let's say, as an admin on a Splunk server, you want to change the password for another user. The syntax for this looks something like:
# splunk edit user <username> -password <newpassword> -auth <your_username>:<your_password>
Note: When editing a specific user's properties, you can list the user without the -username parameter.
Therefore, to authenticate as user admin to change the password for user newbie:
# splunk edit user newbie -password f8h2.$R -auth admin:adminpw
Example 2
Now, as an admin on a Splunk server, you want to add a new user with more than one role. The syntax for this looks something like:
# splunk add user -username <username> -full-name "First Last" -role <role1> -role <role2> -password <password> -auth <your_username>:<your_password>
Therefore, to add a new user deep, with Everybody and Admin permissions:
# splunk add user -username deep -full-name "the deep" -role Everybody -role Admin -password foobar -auth admin:adminpw
This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.