All Apps and Add-ons

Local System account or domain user account

New Member

Setting up Splunk for the first time, was wondering if I could get some advice. I have to install it as a local system account or domain user. What is the most common method used by administrators? My infrastructure is as follows;

Four physical host for vmware infrastructure, each host has 256 GB RAM and 16 cores, so hosts are hardly being taxed,50-55 virtual servers, Compellent SAN with 15k drives at tier 1, and 7200k drives at tier 3, Cisco ASA5525-X

I will be the only one looking at the logs and running any reports, so just one user. We have the lowest Splunk license of 500mb.

My initial thought was to install as a local system account, then put the universal forwarder on my servers to send logs to the splunk server? This is the first time I have set up any type of syslog server, and would appreciate some insight to get me started down the right path, thanks.

0 Karma

New Member

Just want to add one more point, If you want to monitor any network shared folder with UNC path then install as a Domain User Acount.

0 Karma


You don't need to be confused. Are you suggesting about the parameter where you install the forwarder/instance?

We would require admin permission while installing splunk for sure. If you provide any domain user name to run your services then you need to provide the user/password. Your Splunkd and splunkweb will run under that. This case is required if you have any remotely accessed log/files that exists in some other server. The account should have access through out the landscape.

If you will monitor in the same machine as well the account should have access to all the resources. If the local account has all the right permission then it can also be used.


0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...