I have created a "sendtoindexer" app following Splunk App for Windows Infrastructure 1.4 documentation and I cannot seem to get the outputs.conf file to push down to the deployment client. The app is showing as installed from the deployment server but I do not see any outputs.conf file on the deployment client. The rest of the folders and files of the app exist on the client but no outputs.conf.
I have restarted Splunk services on the deployment client, reloaded the deployment server, and restarted Splunk on the deployment server but outputs.conf will not push down to the deployment client.
Thanks in advance.
Looking in splunkd logs I have found my issue but I am not sure why I am running into these permissions issues..
11-30-2016 16:11:03.548 -0500 ERROR Archiver - Failed to open file="C:\Program Files\Splunk\etc\deployment-apps\sendtoindexer\local\outputs.conf": Access is denied.
I have fixed this issue by adding SYSTEM to have full control of the file, but moving forward how do I prevent this when creating additional files?
What use is Splunk running as? Local System?
Splunk is running as local system.