Solved: Re: What access for Windows Splunk User on an inte...

jbrocks · ‎12-10-2018

I need to install a Heavy Forwarder which is used as an intermediate Forwarder on a Windows Server. What access does the Windows user need that is supposed to run Splunk? Thanks! We have Universal Forwarders forwarding AD to the Heavy Forwarder, which takes them by port 9997 and outputs data to the indexers on port 9997.
Do we need domain user for the Heavy Forwarder or Local User?

dkeck · ‎12-10-2018

Did you see this?

maybe it helps https://docs.splunk.com/Documentation/Splunk/7.2.1/Installation/ChoosetheuserSplunkshouldrunas

View solution in original post

dkeck · ‎12-10-2018

Did you see this?

maybe it helps https://docs.splunk.com/Documentation/Splunk/7.2.1/Installation/ChoosetheuserSplunkshouldrunas

jbrocks · ‎12-10-2018

Hi, thanks, yes I still saw this and think a local user should do it, but I am not sure, that's why I am asking.

dkeck · ‎12-10-2018

Please accept answer if it helped 🙂 thank you

dkeck · ‎12-10-2018

local should work

vincenteous · ‎12-10-2018

If you're only using your HF as intermediary server and not for monitoring AD object, a local user should be sufficient enough.

What access for Windows Splunk User on an intermediate Forwarder?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation