All Apps and Add-ons

AWS AMI leads to rooted out of Splunk

vman_me
New Member

I just installed the AWS AMI for Splunk and it worked fine, till I tried to run CLIs through $SPLUNK_HOME/bin and add scripted data input by customizing inputs.conf
The $SPLUNK_HOME directory is not accessible by ec2-user so I am wondering if there is a way to gain access to that...
Any pointers appreciated,

  • V
Tags (2)
0 Karma

sudarshan0204
New Member

Got to /opt/splunk
if you logged in as ec2-user, you cannot edit or make directory, so you need to sudo su as root.
sudo su root

Now you are all set

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

The ec2-user should be a sudoer, so try sudo su the-user-running-splunk

acharlieh
Influencer

$SPLUNK_HOME refers to the installation directory, which is not necessarily the same as the home directory of the user. On Linux by default the installation directory is /opt/splunk

vman_me
New Member

I guess its not about root access, but some kind of AWS Authorization.
When I go into the folder /home/splunk , there are only dot files and .splunk.
Within .splunk only one token:
authToken_ip-

perhaps its more about AWS IAM... any ideas?

Thanks...

  • V
0 Karma