Splunk® User Behavior Analytics

Administer Splunk User Behavior Analytics

Change the password for a data source

For security purposes, you may have a password management system or corporate requirement to periodically change your Splunk search head password. Your Splunk UBA data sources must also be edited to use any updated passwords as needed.

Run the change-ds-splunk-passwd.sh script in Splunk UBA to change a data source's password:

  1. Log in to the management node of your Splunk UBA deployment as the caspida user.
  2. Run the change-ds-splunk-passwd.sh command:
    /opt/caspida/bin/postinstall/change-ds-splunk-passwd.sh -u <username> -s <splunk_server:8089> -p '<new_password>'
    

    Be sure to include the single quotes around the new password. For example, to reset the password for the uba_svc data source to caspida123:

    /opt/caspida/bin/postinstall/change-ds-splunk-passwd.sh -u uba_svc -s  examplecompany.splunkcloud.com:8089 -p 'caspida123'
    

    Use the help option for the change-ds-splunk-passwd.sh command to view additional options:

    /opt/caspida/bin/postinstall/change-ds-splunk-passwd.sh -h
  3. Stop and restart all the data sources.
    1. Run the following command to stop all data sources:
      /opt/caspida/bin/Caspida stop-datasources
    2. Wait a few minutes, then run the following command to restart the data sources:
      /opt/caspida/bin/Caspida start-datasources

    You can also restart each data sources from the Splunk UBA web interface:

    1. In Splunk UBA, select Manage > Data Sources.
    2. On the Data Sources page, select the data sources you want to start.
    3. Click Actions, then select Start.
Last modified on 11 November, 2020
Change the password for Splunk UBA services   Change the IP address or hostname of your Splunk UBA nodes

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters