Solved: Re: What access for Windows Splunk User on an inte...

jbrocks · ‎12-10-2018

I need to install a Heavy Forwarder which is used as an intermediate Forwarder on a Windows Server. What access does the Windows user need that is supposed to run Splunk? Thanks! We have Universal Forwarders forwarding AD to the Heavy Forwarder, which takes them by port 9997 and outputs data to the indexers on port 9997.
Do we need domain user for the Heavy Forwarder or Local User?

dkeck · ‎12-10-2018

Did you see this?

maybe it helps https://docs.splunk.com/Documentation/Splunk/7.2.1/Installation/ChoosetheuserSplunkshouldrunas

View solution in original post

dkeck · ‎12-10-2018

Did you see this?

maybe it helps https://docs.splunk.com/Documentation/Splunk/7.2.1/Installation/ChoosetheuserSplunkshouldrunas

jbrocks · ‎12-10-2018

Hi, thanks, yes I still saw this and think a local user should do it, but I am not sure, that's why I am asking.

dkeck · ‎12-10-2018

Please accept answer if it helped 🙂 thank you

dkeck · ‎12-10-2018

local should work

vincenteous · ‎12-10-2018

If you're only using your HF as intermediary server and not for monitoring AD object, a local user should be sufficient enough.

What access for Windows Splunk User on an intermediate Forwarder?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...