Configure users with the CLI
You can use the Splunk CLI to manage local Splunk accounts on a Splunk Enterprise instance. You can use the CLI to add, edit, or delete users.
The CLI works for users that exist in the native Splunk authentication scheme only. The CLI cannot add, edit, or remove users when the Splunk Enterprise instance authenticates using other authentication schemes, such as the lightweight directory access protocol (LDAP) or security assertion markup language protocol (SAML) schemes.
You must have administrator or equivalent access to manage users with the CLI. If you are have not already authenticated into your Splunk Enterprise instance, the CLI prompts you for those credentials. You must provide the credentials for the user management commands to succeed. You can use the auth
argument to provide credentials manually
Refer to the table to learn which Splunk CLI commands you can use to perform user management on your Splunk Enterprise instance.
Function | CLI command to use | Notes | |
---|---|---|---|
Add users | splunk add user -username <username>
|
This command requires additional arguments:
| |
Edit users | splunk edit user -username <username>
|
To modify roles for a user, use the roles command line argument. See the CLI help for details.
|
|
Remove users | splunk remove user -username <username>
|
The Splunk user CLI commands have context-specific command line arguments. For specific information on each of the command line arguments for each command, run the splunk help user <command>
command.
Examples of user management using the CLI
Following are some examples of using the Splunk CLI to add, edit, and remove users in Splunk Enterprise. To prevent others from potentially having access to the credentials you gave the users, delete the command line history after you configure the users.
Action | CLI command | Notes |
---|---|---|
Add a new administrator user with the password "changeme2" | ./splunk add user admin2 -password changeme2 -role admin -auth admin:changeme
|
|
Change an existing administrator user password to "fflanda" | ./splunk edit user admin -password fflanda -role admin -auth admin:<password>
|
You must either escape or wrap single quotation marks around passwords that have special characters that the local shell or command prompt can interpret. For example:
|
Remove an existing user "ninja" | ./splunk remove user ninja -password -auth admin:<password>
|
This command is immediate, and can't be undone. |
Set up native Splunk authentication | Set up authentication with tokens |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0
Feedback submitted, thanks!