I have setup a deployment server which manages multiple forwarders. All my instances run with user splunk.
When I try to push apps from deployment server to forwarders the owner of the app reflects as "root" which should be splunk otherwise the app doesn't works.
It is very inconvenient to login to each forwarder and change the owner to splunk and restart the service again after the app is pushed.
Any solution for this?
Hello, I've been facing the same issue
where you able to find the reason for this?
Hi
Are your DS and DCs all linux servers or have you Windows DS? If later then you must change your DS to linux.
r. Ismo
Make sure Splunk reboots as user Splunk not root.
Have you verified the ownership of $SPLUNK_HOME/etc/deployment-apps (on the deployment server) and everything within it?
Yes, everything in deployment-apps has owner as "splunk".