topic Re: On which user my Splunk is running? in Getting Data In

On which user my Splunk is running?

varad_joshi — Sun, 01 Oct 2017 18:50:41 GMT

Not that familiar with *NIX hence the question.

I created the user and group called splunk and then ran Splunk for the first time with splunk user.

Now I want to ensure my Splunk is running as splunk user and not as root.
Can someone help me below command and the output?

-bash-4.2$ ps -af|grep splunk
root 1658 1473 0 22:33 pts/0 00:00:00 su - splunk
splunk 1659 1658 0 22:33 pts/0 00:00:00 -bash
splunk 2121 1659 0 22:36 pts/0 00:00:00 ps -af
splunk 2122 1659 0 22:36 pts/0 00:00:00 grep --color=auto splunk

Re: On which user my Splunk is running?

varad_joshi — Sun, 01 Oct 2017 19:04:18 GMT

ah okay so I then ran splunk status and it gave me the PID.
I can see the PID is running as splunk user.

I think I got what I was looking for.

Cannot delete the question as its irrelevant now 🙂

Re: On which user my Splunk is running?

inventsekar — Sun, 01 Oct 2017 22:42:02 GMT

I created the user and group called splunk and then ran Splunk for the first time with splunk user //
not sure of this step. can you please explain.. this is on Splunk indexer or Splunk forwarder or..

root 1658 1473 0 22:33 pts/0 00:00:00 su - splunk
i am not sure of why you have to switch user to splunk user.

when you run ps -ef | grep splunk, (please note on your command, you used ps -af".. instead use "ps -ef")
what output you get ?!?!