Secure your admin account
Splunk with an Enterprise license has a default administration account and password, admin/changeme. Splunk recommends strongly that you change the default in order to keep your system secure. Your password should be complex and follow general password best practices:
- Use a combination of words, numbers, symbols, and both upper- and lower-case letters.
- Complexity is important, but length is vital. We recommend a minimum of 10 characters.
- Do not choose passwords based upon details that may not be as confidential as you'd expect, such as your birth date, your Social Security or phone number, or names of family members.
- Do not use words that can be found in the dictionary.
- Don't use a password you use or have used elsewhere.
Use Splunk Web
To change the admin default password:
1. Log into Splunk Web as the admin user.
2. Click Settings in the top-right of the interface.
3. Click Access controls in the Users and Authentication section of the screen.
4. Click Users.
5. Click the admin user.
6. Update the password, and click Save.
Use Splunk CLI
The Splunk CLI command is:
splunk edit user
Important: You must authenticate with the existing password before you can change it. Log into Splunk via the CLI or use the
-auth parameter. For example, this command changes the admin password from changeme to foo:
splunk edit user admin -password foo -role admin -auth admin:changeme
Note: On *nix operating systems, the shell interprets some special characters as command directives. You must either escape these characters by preceding them with
\ individually, or enclose the password in single quotes (
'). For example:
splunk edit user admin -password 'FFL14io!23ur$' -role admin -auth admin:changeme
splunk edit user admin -password FFL14io!23ur\$ -role admin -auth admin:changeme
On Windows, use the caret (
^) to escape reserved shell characters, or enclose the password in double-quotes (
"). For example:
splunk edit user admin -password "FFL14io!23ur>" -role admin -auth admin:changeme
splunk edit user admin -password FFL14io!23ur^> -role admin -auth admin:changeme
Note: You can also reset all of your passwords across servers at once. See "Deploy secure passwords across multiple servers for the procedure.
Install Splunk Enterprise securely
Secure Splunk Enterprise on your network
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13