Create a secure administrator password
When you install Splunk Enterprise, you should create a password for your administrator account. If you do not create the password during installation (for example, if you use the --no-prompt Splunk CLI argument for starting Splunk Enterprise, and also do not provide an administrator password in user-seed.conf), you must then create the administrator credentials manually for the instance to be accessible.
If you upgrade from an older version of Splunk Enterprise, the old administrator password is automatically used as the new administrator password.
Note that updates using splunkd REST commands require a restart.
Note that the "oldpassword" argument must be passed in for a user's own password change.
Create admin credentials after starting Splunk Enterprise
If you installed Splunk Enterprise and did not create the administrator password, you can use one of the following methods to create the credentials.
Create admin credentials with user-seed.conf
This is currently the most secure method to create the credentials. The other methods in this topic are faster or easier, but introduce security risks, mainly around access to command line history or process output.
- Edit the $SPLUNK_HOME/etc/system/local/user-seed.conf file as follows:
[user_info]
USERNAME = admin
PASSWORD = <your password>
- Restart Splunk Enterprise.
Create admin credentials using REST
Administrators with access to the machine file system can create a user and enter a password using the splunkd rest --noauth command. This method is not secure, because the password appears in plain text in the command line history, unless you immediately delete the history after running the command.
$ splunk cmd splunkd rest --noauth POST /services/authentication/users "name=admin&password=<your password>&roles=admin"
Create admin credentials using the '--seed-passwd' or '--gen-and-print-passwd' CLI arguments
While this method is the fastest way to create the credentials, it is not secure because the password appears in command line history, process output (ps aux), and other items.
- Create a password when you start Splunk Enterprise with the --seed-passwd argument:
$ splunk start --accept-license --answer-yes --no-prompt --seed-passwd <your password>
- Generate a random password (the command prints the random password immediately):
$ splunk start --accept-license --answer-yes --no-prompt --gen-and-print-passwd
Create admin credentials for automated installations with the 'hash-passwd' CLI command
This method can be used in automated installations where user-seed.conf is saved and distributed to the newly installed instances.
This method is secure as long as you delete the command line history after completing the procedure.
- Create a hash from a plain-text password.
splunk hash-passwd <your password>
- Copy the hash and place it into the user-seed.conf file. For example:
$ splunk hash-passwd <your password>
$6$hf3syG/qxy6REoBp...
The output of the hash-passwd command can then be safely written in user-seed.conf. For example:
[user_info]
USERNAME = admin
HASHED_PASSWORD = $6$hf3syG/qxy6REoBp...
- To validate a password and make sure it conforms to the password complexity requirements, you can use validate-passwd. For example:
splunk validate-passwd <your password>
cat passwd.txt | splunkd validate-passwd -
$ splunk validate-passwd weakpas
ERROR: Password did not meet complexity requirements. Password must contain at least:
* 8 total printable ASCII character(s).
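The distribution step of the hash-passwd procedure above, sketched as an added shell example (not Splunk's own code): it writes user-seed.conf on a target instance from a hash read on stdin, so the value never appears in argv or ps aux output, and creates the file owner-only. The helper name write_user_seed and the sample hash are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Splunk's code. write_user_seed is a hypothetical helper name.
# Assumption: the hash was produced beforehand by `splunk hash-passwd` on a trusted host.

# Usage: write_user_seed <SPLUNK_HOME> < file-containing-hash
# The hash arrives on stdin, so it never appears in argv or `ps aux` output.
write_user_seed() {
    seed_dir="$1/etc/system/local"
    seed_file="$seed_dir/user-seed.conf"

    # Accept a final line with or without a trailing newline.
    IFS= read -r hashed || [ -n "$hashed" ] || {
        echo "write_user_seed: no hash on stdin" >&2; return 1; }

    # Only a $6$-prefixed value with no whitespace is accepted, so a plain-text
    # password is not written under HASHED_PASSWORD by mistake.
    case "$hashed" in
        *[[:space:]]*) echo "write_user_seed: whitespace in hash" >&2; return 1 ;;
        '$6$'?*) ;;
        *) echo "write_user_seed: input is not a \$6\$ hash" >&2; return 1 ;;
    esac

    [ -d "$seed_dir" ] || { echo "write_user_seed: $seed_dir missing" >&2; return 1; }

    # umask 077 in a subshell: the file is created owner-only (0600) and the
    # caller's umask is untouched. Write to a temp name, then rename into place.
    (
        umask 077
        tmp="$seed_file.tmp.$$"
        printf '[user_info]\nUSERNAME = admin\nHASHED_PASSWORD = %s\n' "$hashed" > "$tmp" \
            && mv -f "$tmp" "$seed_file" \
            || { rm -f "$tmp"; exit 1; }
    )
}

# Demo against a throwaway directory; the hash below is constructed, not real output.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/etc/system/local"
printf '%s\n' '$6$constructedSalt$constructedHashValue' | write_user_seed "$demo_home"
cat "$demo_home/etc/system/local/user-seed.conf"
rm -rf "$demo_home"
```

As with a hand-edited user-seed.conf, the credentials take effect when Splunk Enterprise is restarted.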
Reset a lost password
If you lose or forget the admin password, you can reset it. You must have the ability to write to the underlying password file ($SPLUNK_HOME/etc/passwd).
splunk cmd splunkd rest --noauth POST /services/admin/users/admin "password=<your password>"
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10