Running the Splunk process as a splunk user on Linux, where did you install Splunk?

brent_weaver — Sun, 16 Aug 2015 20:52:36 GMT

I am installing Splunk as a splunk user. I have it all down, but what directory are people installing it in? Using /opt does not seem like a good idea because you then need to make the /opt dir 775 or 777 depending on who owns /opt...

I welcome to hear where others are installing it. Thanks!

Re: Running the Splunk process as a splunk user on Linux, where did you install Splunk?

grijhwani — Sun, 16 Aug 2015 21:40:39 GMT

You have touched on my biggest gripe with Splunk's system architecture. /opt/splunk is a perfectly valid place to install Splunk, owned by the splunk user. However you should be a superuser to perform the installation. Furthermore - and this is the basis of my objection - you also have to run the entire Splunk instance with root privileges if you want inputs from system logs (unless, of course, you open up the file permissions). Kind of rock/hard place situation.

(You'd think by now Splunk would have broken it down into the main engine and indexes dropping itself down to unprivileged status, and running a micro-service talking through the socket stack purely for accessing privileged logs.)

Here's a typical install

drwxr-xr-x  5 root   root   4096 May  9  2014 /opt
drwxr-xr-x 10 splunk splunk 4096 Jul 13 13:22 /opt/splunk

755 permission, and root ownership on /opt is perfectly normal.

topic Running the Splunk process as a splunk user on Linux, where did you install Splunk? in Deployment Architecture

Running the Splunk process as a splunk user on Linux, where did you install Splunk?

Re: Running the Splunk process as a splunk user on Linux, where did you install Splunk?