Apps deployed on forwarders from deployment server...

deovratdeshmukh · ‎07-22-2020

I have setup a deployment server which manages multiple forwarders. All my instances run with user splunk.

When I try to push apps from deployment server to forwarders the owner of the app reflects as "root" which should be splunk otherwise the app doesn't works.

It is very inconvenient to login to each forwarder and change the owner to splunk and restart the service again after the app is pushed.

Any solution for this?

Omar_hh77 · ‎06-05-2023

Hello, I've been facing the same issue

where you able to find the reason for this?

isoutamo · ‎06-05-2023

Hi

Are your DS and DCs all linux servers or have you Windows DS? If later then you must change your DS to linux.

r. Ismo

mhotsi · ‎08-26-2021

Make sure Splunk reboots as user Splunk not root.

richgalloway · ‎07-22-2020

Have you verified the ownership of $SPLUNK_HOME/etc/deployment-apps (on the deployment server) and everything within it?

---
If this reply helps you, Karma would be appreciated.

deovratdeshmukh · ‎07-22-2020

Yes, everything in deployment-apps has owner as "splunk".

Apps deployed on forwarders from deployment server has owner root

configuration

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases