All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

AWS AMI leads to rooted out of Splunk

vman_me
New Member
‎07-07-2015 02:37 PM

I just installed the AWS AMI for Splunk and it worked fine, till I tried to run CLIs through $SPLUNK_HOME/bin and add scripted data input by customizing inputs.conf
The $SPLUNK_HOME directory is not accessible by ec2-user so I am wondering if there is a way to gain access to that...
Any pointers appreciated,

  • V
Tags (2)
0 Karma
Reply

sudarshan0204
New Member
‎05-16-2020 02:03 PM

Got to /opt/splunk
if you logged in as ec2-user, you cannot edit or make directory, so you need to sudo su as root.
sudo su root

Now you are all set

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎07-07-2015 02:54 PM

The ec2-user should be a sudoer, so try sudo su the-user-running-splunk

Reply

acharlieh
Influencer
‎07-07-2015 05:49 PM

$SPLUNK_HOME refers to the installation directory, which is not necessarily the same as the home directory of the user. On Linux by default the installation directory is /opt/splunk

Reply

vman_me
New Member
‎07-07-2015 04:52 PM

I guess its not about root access, but some kind of AWS Authorization.
When I go into the folder /home/splunk , there are only dot files and .splunk.
Within .splunk only one token:
authToken_ip-

perhaps its more about AWS IAM... any ideas?

Thanks...

  • V
0 Karma
Reply
Get Updates on the Splunk Community!