
Delete all user accounts on Splunk Enterprise
On Splunk Enterprise only, you can remove all user data on the instance, including user accounts, by using the CLI.
The CLI is not available in Splunk Cloud, instead, you can delete accounts using Splunk Web.
Delete all user accounts by typing ./splunk clean
CLI command followed by the userdata
argument. This deletes all user accounts.
Removing user data is irreversible. If you accidentally delete user data, you must recreate all accounts, including the admin account, manually. Additionally, you must satisfy any password requirements that are in place when you recreate the accounts.
Remove all of the user accounts in the system
./splunk clean userdata
Remove the user accounts in the system and skip the confirmation prompt
./splunk clean userdata -f
Recreate the default admin account
In Splunk Enterprise 7.1.0 and higher, the default admin account is no longer automatically recreated on startup after running ./splunk clean userdata
or ./splunk clean all
.
To recreate the admin account, you can create a $SPLUNK_HOME/etc/system/local/user-seed.conf
file with the following information before you restart the Splunk Enterprise instance.
[user_info] USERNAME = admin PASSWORD = <your new password>
PREVIOUS Find existing users and roles |
NEXT Secure access for Splunk knowledge objects |
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5
Feedback submitted, thanks!