Configure users with the CLI
You can use the Splunk CLI to manage local Splunk accounts on a Splunk Enterprise instance. You can use the CLI to add, edit, or delete users.
The CLI works for users that exist in the native Splunk authentication scheme only. The CLI cannot add, edit, or remove users when the Splunk Enterprise instance authenticates using other authentication schemes, such as the lightweight directory access protocol (LDAP) or security assertion markup language protocol (SAML) schemes.
Refer to the table to learn which Splunk CLI commands you can use to perform user management on your Splunk Enterprise instance.
Function | CLI command to use | Notes | |
---|---|---|---|
Add users | splunk add user -username <username>
|
This command requires additional arguments:
| |
Edit users | splunk edit user -username <username>
|
To modify roles for a user, use the roles command line argument. See the CLI help for details.
|
|
Remove users | splunk remove user -username <username>
|
The Splunk user CLI commands have context-specific command line arguments. For specific information on each of the command line arguments for each command, run the `splunk help user <command>` command.
If you are have not already authenticated into your Splunk Enterprise instance using the CLI, and do not supply those arguments to the CLI using the auth
argument, the CLI prompts you for current credentials. You must provide those credentials for the user management commands to succeed.
Examples of user management using the CLI
Following are some examples of using the Splunk CLI to add, edit, and remove users in Splunk Enterprise. To prevent others from potentially having access to the credentials you gave the users, delete the command line history after you configure the users.
Action | CLI command | Notes |
---|---|---|
Add a new administrator user with the password "changeme2" | ./splunk add user admin2 -password changeme2 -role admin -auth admin:changeme
|
|
Change an existing administrator user password to "fflanda" | ./splunk edit user admin -password fflanda -role admin -auth admin:<password>
|
You must either escape or wrap single quotation marks around passwords that have special characters that the local shell or command prompt can interpret. For example:
|
Remove an existing user "ninja" | ./splunk remove user ninja -password -auth admin:<password>
|
This command is immediate, and can't be undone. |
PREVIOUS Configure users with Splunk Web |
NEXT Set up user authentication with LDAP |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.2.0, 9.2.1
Feedback submitted, thanks!