Change the password for a data source
For security purposes, you may have a password management system or corporate requirement to periodically change your Splunk search head password. Your Splunk UBA data sources must also be edited to use any updated passwords as needed.
Run the change-ds-splunk-passwd.sh
script in Splunk UBA to change a data source's password:
- Log in to the management node of your Splunk UBA deployment as the caspida user.
- Run the
change-ds-splunk-passwd.sh
command:/opt/caspida/bin/postinstall/change-ds-splunk-passwd.sh -u <username> -s <splunk_server:8089> -p '<new_password>'
Be sure to include the single quotes around the new password. For example, to reset the password for the uba_svc data source to caspida123:
/opt/caspida/bin/postinstall/change-ds-splunk-passwd.sh -u uba_svc -s examplecompany.splunkcloud.com:8089 -p 'caspida123'
Use the help option for the
change-ds-splunk-passwd.sh
command to view additional options:/opt/caspida/bin/postinstall/change-ds-splunk-passwd.sh -h
- Stop and restart all the data sources.
- Run the following command to stop all data sources:
/opt/caspida/bin/Caspida stop-datasources
- Wait a few minutes, then run the following command to restart the data sources:
/opt/caspida/bin/Caspida start-datasources
You can also restart each data sources from the Splunk UBA web interface:
- In Splunk UBA, select Manage > Data Sources.
- On the Data Sources page, select the data sources you want to start.
- Click Actions, then select Start.
- Run the following command to stop all data sources:
Change the password for Splunk UBA services | Change the IP address or hostname of your Splunk UBA nodes |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1
Feedback submitted, thanks!