Change defaults
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Change defaults
Changing the admin default password
Splunk with an Enterprise license has a default administration account and password. It is highly recommended that you change the default. You can do this via Splunk's CLI or Splunk Web.
Note: CLI commands assume you have set a Splunk environment variable. If you have not, navigate to $SPLUNK_HOME/bin and run the ./splunk command.
via Splunk Web
- Log in as admin.
- Click Admin in the top-right of the interface:
- Click the Users tab:
- Under the Action heading click Edit.
- Type in the new information and click Save.
via Splunk CLI
The Splunk CLI command is:
# splunk edit user
Note: You must authenticate with the existing password before it can be changed. Log into Splunk via the CLI or use the -auth parameter.
For example:
# splunk edit user admin -password foo -auth admin:changeme
This command changes the admin password from changeme to foo.
Changing network ports
Splunk uses two ports. They default to:
- 8000 - HTTP or HTTPS socket for Splunk Web.
- 8089 - Splunkd management port. Used to communicate with the splunkd daemon. Splunk Web talks to splunkd on this port, as does the command line interface and any distributed connections from other servers.
via Splunk Web
- To change the port settings via Splunk Web, click the Admin link in the upper right hand corner:
- Then, click the Server tab. Click on Settings and change the port assignments:
via Splunk CLI
To change the port settings via the Splunk CLI, use the CLI command set.
# splunk set web-port 9000
This command sets the Splunk Web port to 9000.
# splunk set splunkd-port 9089
This command sets the splunkd port to 9089.
Changing the default Splunk server name
The Splunk server name setting controls both the name displayed within Splunk Web and the name sent to other Splunk Servers in a distributed setting.
The default name is taken from either the DNS or IP address of the Splunk Server host.
via Splunk Web
- To change this setting, click the Admin link in the upper right-hand corner:
- Then, click the Server tab and modify the Splunk Server name variable under the Settings tab:
via Splunk CLI
To change the server name via the CLI, type the following:
# splunk set servername foo
This command sets the servername to foo.
Changing the datastore location
The datastore is the top-level directory where the Splunk Server stores all indexed data, user accounts, and working files.
Note: If you change this directory, the server does not migrate old datastore files. Instead, it starts over again at the new location.
To migrate your data to another directory follow the instructions in Move an index.
via Splunk Web
- To change this setting, click the Admin link in the upper right hand corner:
- Then, click the Server tab and modify the Datastore path variable under the Settings tab:
via Splunk CLI
To change the server name via the CLI, type the following:
# splunk set datastore-dir /var/splunk/
This command sets the datastore directory to /var/splunk/.
Set minimum free disk space
The minimum free disk space setting controls how low disk space in the datastore location can fall before Splunk stops indexing.
Splunk resumes indexing when more space becomes available. For detailed information on how to manage Splunk server disk usage, see Disk usage.
via Splunk Web
- To change this setting, click the Admin link in the upper right-hand corner:
- Then, click the Server tab and modify the variable below Pause indexing if free disk space falls below under the Settings tab:
via Splunk CLI
To change the server name via the CLI, type the following:
# splunk set minfreemb 2000
This command sets the minimum free space to 2000 MB.
This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.