Unlock a user password
If your user locks themselves out of their account or forgets their password, you can unlock their account.
To change a user password, see Change a password.
Unlock a user account in Splunk Web
If a user or admin is locked out an admin can:
- Wait for the lockout period to expire (not recommended for lengthy lockout periods.)
- Manually reset the user that has locked the peer.
1. In Splunk Web click Settings > Access Control > Users.
2. In the Users page, check the Status column to locate the user that is locked.
3. In the Action column for that user, click Unlock.
Unlock a user from the command line
A Splunk user with privilege to write to disk on a Splunk instance can execute this command.
In the command line, type the following CLI command:
splunk edit user <locked username> -locked-out false -auth admin:<yourpassword>
About unlocking users in distributed environments
If a user on a search head cluster is locked out, they are locked out on a single member of the cluster. Results from other search heads will not show the user as locked out.
If a user or admin is locked out, an admin can:
- Wait for the user's lockout period to expire
- Unlock the user, using the instructions on this page.
Password best practices for users
Change a password
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4