Splunk® Enterprise

Securing Splunk Enterprise

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Secure your admin account

Splunk with an Enterprise license has a default administration account and password, admin/changeme. Splunk recommends strongly that you change the default in order to keep your system secure. Your password should be complex and follow general password best practices:

  • Use a combination of words, numbers, symbols, and both upper- and lower-case letters.
  • Complexity is important, but length is vital. We recommend a minimum of 10 characters.
  • Do not choose passwords based upon details that may not be as confidential as you'd expect, such as your birth date, your Social Security or phone number, or names of family members.
  • Do not use words that can be found in the dictionary.
  • Don't use a password you use or have used elsewhere.

Use Splunk Web

To change the admin default password:

1. Log into Splunk Web as the admin user.

2. Click Settings in the top-right of the interface.

3. Click Access controls in the Users and Authentication section of the screen.

4. Click Users.

5. Click the admin user.

6. Update the password, and click Save.

Use Splunk CLI

The Splunk CLI command is:

splunk edit user

Important: You must authenticate with the existing password before you can change it. Log into Splunk via the CLI or use the -auth parameter. For example, this command changes the admin password from changeme to foo:

splunk edit user admin -password foo -role admin -auth admin:changeme

Note: On *nix operating systems, the shell interprets some special characters as command directives. You must either escape these characters by preceding them with \ individually, or enclose the password in single quotes ('). For example:

splunk edit user admin -password 'FFL14io!23ur$' -role admin -auth admin:changeme

or

splunk edit user admin -password FFL14io!23ur\$ -role admin -auth admin:changeme

On Windows, use the caret (^) to escape reserved shell characters, or enclose the password in double-quotes ("). For example:

splunk edit user admin -password "FFL14io!23ur>" -role admin -auth admin:changeme

or

splunk edit user admin -password FFL14io!23ur^> -role admin -auth admin:changeme

Note: You can also reset all of your passwords across servers at once. See "Deploy secure passwords across multiple servers for the procedure.

PREVIOUS
Install Splunk Enterprise securely
  NEXT
About TLS encryption and cipher suites

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters