Splunk® Enterprise

Securing the Splunk Platform


Splunk Enterprise version 7.1 will no longer be supported as of October 31, 2020. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Configure Splunk password policies

Use the Password Policy Management page in Splunk Web to create a password policy for your users. Password policies set standards and minimum requirements for complexity.

This task applies to Splunk Enterprise native authentication and does not apply to SAML or LDAP passwords.

  1. In Splunk Web, click Settings > Access Controls > Password Policy Management.
  2. In the Minimum characters field, specify the minimum number of characters to require for user passwords. The maximum number of characters Splunk software supports is 256. The default value is 8.
  3. In the Numeral field, specify the number of digits to require for user passwords. A best practice is to require at least one number and to not allow passwords that are all numbers. The default is 0.
  4. In the Lowercase field, specify the number of lowercase letters to require for user passwords. A best practice is to require at least one lowercase letter. The default is 0.
  5. In the Uppercase field, specify the number of uppercase letters to require for user passwords. A best practice is to require at least one uppercase letter. The default is 0.
  6. In the Special character field, specify the number of special characters to require for user passwords. A best practice is to require at least one special character. A user can create a password with any printable ASCII characters. The default is 0.
  7. Check Force existing users to change weak passwords to make existing users upgrade passwords to meet the requirements specified on this page.
  8. Enable Expiration to force a user to change their password after the specified period of time.
  9. In the Days until password expires field, specify the number of days until the user must change their password.
  10. In the Expiration alert in days field, specify the number of days before expiration that warnings appear.
  11. Enable Lockout to lock a user out of the system after a certain number of failed login attempts.
  12. In the Failed login attempts field, specify how many failed login attempts a user can make before they are locked out. The default is 5.
  13. In the Lockout threshold in minutes field, specify the number of minutes from the first failed login attempt until the failed login attempt counter resets.
  14. In the Lockout duration in minutes field, specify how many minutes the user must wait before they can attempt to log in again. The default value is 30 minutes.
  15. Enable History to prevent users from reusing previous passwords. Note that if you disable this value and enable it later, previously saved password history is preserved. Delete $SPLUNK_HOME/etc/opasswd to remove the password history.
  16. In the Password History Count field, specify the number of previous passwords that may not be reused. The default is 24.
  17. Click Save.

Your new password requirements are applied to the Set Password field in the Create User page.
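
The following check is an added example, not part of the Splunk documentation: it reads the [splunk_auth] stanza of an authentication.conf file (the file-based counterpart of this page) and reports character-class minimums below the best practices stated in the steps above, along with features from the procedure that the file does not explicitly enable. The setting names come from authentication.conf rather than from this page, the accepted boolean spellings are an assumption, and the sample configuration is constructed.

```python
import configparser

# Setting names are those of authentication.conf's [splunk_auth] stanza (not on this page).
# Defaults this page states for the complexity fields, used when a key is absent.
PAGE_DEFAULTS = {"minPasswordLength": 8, "minPasswordDigit": 0,
                 "minPasswordLowercase": 0, "minPasswordUppercase": 0,
                 "minPasswordSpecial": 0}
CLASS_KEYS = list(PAGE_DEFAULTS)[1:]   # page best practice: at least 1 of each
# Features the procedure switches on; reported unless explicitly enabled.
FEATURE_KEYS = ["forceWeakPasswordChange", "expireUserAccounts",
                "lockoutUsers", "enablePasswordHistory"]
TRUE_VALUES = {"1", "true"}            # assumption: spellings treated as enabled
MAX_LENGTH = 256                       # longest password the page says is supported

# Constructed sample, not taken from a real deployment.
SAMPLE_CONF = """\
[splunk_auth]
minPasswordLength = 12
minPasswordDigit = 1
minPasswordUppercase = 1
lockoutUsers = true
lockoutAttempts = 5
enablePasswordHistory = false
"""

def audit_policy(conf_text):
    """Return {setting: finding} for the [splunk_auth] stanza in conf_text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str           # keep setting names case-sensitive
    parser.read_string(conf_text)
    stanza = dict(parser["splunk_auth"]) if parser.has_section("splunk_auth") else {}
    nums = {k: int(stanza.get(k, d)) for k, d in PAGE_DEFAULTS.items()}
    findings = {}
    for key in CLASS_KEYS:
        if nums[key] < 1:
            findings[key] = f"is {nums[key]}; require at least 1"
    if nums["minPasswordLength"] > MAX_LENGTH:
        findings["minPasswordLength"] = f"exceeds the {MAX_LENGTH}-character maximum"
    for key in FEATURE_KEYS:
        if stanza.get(key, "").strip().lower() not in TRUE_VALUES:
            findings[key] = "not explicitly enabled in this file"
    return findings

if __name__ == "__main__":
    for setting, finding in audit_policy(SAMPLE_CONF).items():
        print(f"{setting}: {finding}")
```

The check sees only the text it is given, so a setting defined in another configuration layer is reported as not set here.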

Last modified on 18 April, 2018

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6
