All Apps and Add-ons

Splunk add-on for *nix: Can scripted input rlog.sh be enabled if Splunk user is run as non root user?

kheli
Path Finder

Can we enable this scripted input if the user splunk is run as non root user?

Any workaround if we have to run splunk as non root user?

segu
Explorer

Yes that's possible. You have to do two things:

  1. Comment the line assertInvokerIsSuperuser in the rlog.sh, so no super-user check is done.
  2. Give the user that is running splunk read-access to the audit.log, e.g. /var/log/audit/audit.log in RedHat.
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...