Splunk® Phantom (Legacy)

Install and Upgrade Splunk Phantom

This documentation does not apply to the most recent version of Splunk® Phantom (Legacy). For documentation on the most recent version, go to the latest release.

Log in to the Splunk Phantom web interface

Perform the following tasks to log in to the Splunk Phantom web interface after installation is complete.

  1. Using a web browser, go to the IP address you assigned to Splunk Phantom.
    • If you installed Splunk Phantom as an unprivileged user, log in to Splunk Phantom's web interface at the custom HTTPS port. 
      https://<ip address or hostname>:<your https port>
    • If you installed Splunk Phantom from the AWS Marketplace, get the public IP address for the instance from the EC2 Management Console and the full AWS instance ID for the EC2 instance. Log in to the Splunk Phantom web interface by using the public IP address.
  2. Log in using the default credentials. Use admin as the username and password as the password. If you installed Splunk Phantom from the AWS Marketplace, use admin as the username and the full AWS instance ID as the password.

    AWS requires about 20 min to complete the setup. Once the setup is complete, you can use your full AWS instance ID as the password. Attempting to login before that will result in a login error as Splunk Phantom has yet to change the password for your instance.

  3. Change the admin user's password:
    1. Click the user name admin, then select Account Settings.
    2. Click the Change Password tab.
    3. Type the current password.
    4. Type a new password.
    5. Type a new password a second time to confirm.
    6. Click Change Password.

Log in to Splunk Phantom using SSH

To SSH into the Splunk Phantom instance perform the following steps:

  1. Open a terminal window.
  2. SSH to your Splunk Phantom instance's operating system ssh <username>@<hostname or IP address of Splunk Phantom>.

Use the appropriate username:

  • user: Used by most Splunk Phantom instances.
  • centos: AMI-based Splunk Phantom instances.

Remote SSH is disabled for the root user. The account user has sudo permissions. Use that account to administer the operating system.

In order to log in to the operating system of your AMI-based Splunk Phantom install using SSH, use the user id centos, not root or ec2-user. If you need root access, login as the centos user, then use sudo su -.

Last modified on 07 December, 2020
Install Splunk Phantom as an unprivileged user   About Splunk Phantom clusters

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters