Splunk® Enterprise

Installation Manual

Acrobat logo Download manual as PDF

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

Change the user selected during Windows installation

You can change the Windows user that Splunk Enterprise or a universal forwarder has been installed as prior to starting the software for the first time.

The user that you change to must be a user that has administrative privileges on the local machine where you installed the software. See Choose the Windows user Splunk Enterprise should run as for additional information on choosing the correct Windows user for Splunk Enterprise operations.

There are several scenarios where performing this task is helpful:

  • If you selected "Domain user" during the Splunk Enterprise installation, and that user does not exist or you mistyped the information
  • If you need to install a Splunk Enterprise instance as a managed system account (MSA)
  • If you installed the software from a ZIP file and want to change the Windows user for the Splunk Enterprise services from the default SYSTEM user

You must perform this procedure before you start Splunk Enterprise. If Splunk Enterprise has started, then stop it, uninstall it, and reinstall it.

  1. Run the Services tool. From the Start menu, click Control Panel > Administrative Tools > Services.
  2. Find the splunkd and splunkweb (or splunkforwarder for the universal forwarder) services. These services must not be started. The Local System user owns them by default.
  3. Right-click a service, and select Properties.
  4. Click the Log On tab.
  5. Click the This account button.
  6. Fill in the correct domain\user name and password.
  7. Click Apply.
  8. Click OK.
  9. (Optional) If you run Splunk Enterprise in legacy mode, repeat steps 2 through 6 for the second service.
  10. Start the Splunk Enterprise services from the Service Manager or from the command-line interface.
Last modified on 20 March, 2019
Install on Windows using the command line
Install on Linux

This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 9.0.0

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters