AWS AMI leads to rooted out of Splunk

New Member

I just installed the AWS AMI for Splunk and it worked fine, till I tried to run CLIs through $SPLUNK_HOME/bin and add scripted data input by customizing inputs.conf.
The $SPLUNK_HOME directory is not accessible by ec2-user so I am wondering if there is a way to gain access to that...
Any pointers appreciated,

  • V

New Member

Go to /opt/splunk
If you are logged in as ec2-user, you cannot edit or make directories, so you need to sudo su as root.
sudo su root

Now you are all set


SplunkTrust

The ec2-user should be a sudoer, so try sudo su the-user-running-splunk

Influencer

$SPLUNK_HOME refers to the installation directory, which is not necessarily the same as the home directory of the user. On Linux, by default the installation directory is /opt/splunk.
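
As an added example (not part of any post in this thread, and not Splunk tooling), these shell functions follow the suggestion above of acting as the account that owns the Splunk installation instead of working from a root shell, and list files whose owner differs, which is what a file created from a root shell looks like afterwards. The function names are hypothetical; Linux with GNU stat and find is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Splunk tooling.
# Assumption: Linux with GNU stat/find, install under /opt/splunk by default.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Print the numeric UID that owns a path.
owner_uid() {
    stat -c '%u' "$1"
}

# Print the command line that runs a Splunk CLI command as the install's
# owner: directly if that is the current user, through sudo -u otherwise.
splunk_cli_cmd() {
    home="$1"; shift
    uid="$(owner_uid "$home")" || return 1
    if [ "$uid" = "$(id -u)" ]; then
        printf '%s/bin/splunk %s\n' "$home" "$*"
    else
        # sudo accepts a numeric UID when it is prefixed with '#'.
        printf "sudo -u '#%s' %s/bin/splunk %s\n" "$uid" "$home" "$*"
    fi
}

# List files under the install that are not owned by the given user or UID,
# for example an inputs.conf created from a root shell.
foreign_files() {
    find "$1" ! -user "$2" -print
}

# Typical use on the instance:
#   splunk_cli_cmd "$SPLUNK_HOME" status
#   foreign_files "$SPLUNK_HOME" "$(owner_uid "$SPLUNK_HOME")"
```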

New Member

I guess it's not about root access, but some kind of AWS Authorization.
When I go into the folder /home/splunk, there are only dot files and .splunk.
Within .splunk only one token:
authToken_ip-

Perhaps it's more about AWS IAM... any ideas?

Thanks...

  • V