Saturday, June 12, 2021

How to Recover admin password of Splunk

Case 1 (If you are on Splunk 7.1 or prior) :-

  1. Rename the file passwd in directory $SPLUNK_HOME/etc to passwd.bkp
  2. Restart the splunk service
  3. Login using username "admin" and password "changeme"

Case 2 (If you are on Splunk 7.1+) :-

  1. Rename the file passwd in directory $SPLUNK_HOME/etc to passwd.bkp
  2. Create the file $SPLUNK_HOME/etc/system/local/user-seed.conf
  3. Add the following sample content to it:
    [user_info]
    USERNAME = admin
    PASSWORD = P@ssw0rd

  4. Restart the splunk service. This will generate a new passwd file.
  5. Now login using username "admin" and password "P@ssw0rd"
Note:- $SPLUNK_HOME is usually your Splunk installation directory. On Windows, it could be "C:\Program Files\Splunk", and on Linux, it could be "/opt/splunk".
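
The Case 2 steps as a shell script, added here as an example and not part of the original post. The function names are this example's own, and deleting the seed file once the new passwd exists is an added precaution, because user-seed.conf holds the password in clear text.

```shell
#!/bin/sh
# Added example. Function names are this example's own, not Splunk's.

# Steps 1-3 of Case 2: back up passwd and write user-seed.conf.
# usage: stage_admin_reset <SPLUNK_HOME> <new-password>
stage_admin_reset() {
    etc_dir="$1/etc"
    seed_file="$etc_dir/system/local/user-seed.conf"
    if [ ! -d "$etc_dir" ]; then
        echo "no etc directory under '$1'" >&2; return 1
    fi
    # An empty value or an embedded newline would corrupt the seed stanza.
    case "$2" in
        ''|*'
'*) echo "password must be one non-empty line" >&2; return 1 ;;
    esac
    # Never clobber an earlier backup or a seed file someone else staged.
    if [ -e "$etc_dir/passwd.bkp" ] || [ -e "$seed_file" ]; then
        echo "passwd.bkp or user-seed.conf already exists" >&2; return 1
    fi
    if [ -f "$etc_dir/passwd" ]; then
        mv "$etc_dir/passwd" "$etc_dir/passwd.bkp" || return 1
    fi
    mkdir -p "$etc_dir/system/local" || return 1
    # The seed holds the password in clear text: create it owner-only.
    ( umask 077
      printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$2" > "$seed_file"
    ) || return 1
}

# After step 4 (restart): confirm passwd was regenerated, then delete the seed.
# usage: finish_admin_reset <SPLUNK_HOME>
finish_admin_reset() {
    if [ ! -s "$1/etc/passwd" ]; then
        echo "no new passwd file yet; restart Splunk first" >&2; return 1
    fi
    rm -f "$1/etc/system/local/user-seed.conf"
}

# Typical run on Linux (paths from the note above):
#   stage_admin_reset /opt/splunk 'P@ssw0rd' && /opt/splunk/bin/splunk restart \
#       && finish_admin_reset /opt/splunk
```

Run it as the account that owns the Splunk installation so the regenerated passwd file keeps the right ownership.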
 
Reference :- https://community.splunk.com/t5/Security/Splunk-Admin-Password/m-p/326020