I need to install a Heavy Forwarder which is used as an intermediate Forwarder on a Windows Server. What access does the Windows user need that is supposed to run Splunk? Thanks! We have Universal Forwarders forwarding AD to the Heavy Forwarder, which takes them by port 9997 and outputs data to the indexers on port 9997.
Do we need domain user for the Heavy Forwarder or Local User?
Did you see this?
maybe it helps https://docs.splunk.com/Documentation/Splunk/7.2.1/Installation/ChoosetheuserSplunkshouldrunas
Did you see this?
maybe it helps https://docs.splunk.com/Documentation/Splunk/7.2.1/Installation/ChoosetheuserSplunkshouldrunas
Hi, thanks, yes I still saw this and think a local user should do it, but I am not sure, that's why I am asking.
Please accept answer if it helped 🙂 thank you
local should work
If you're only using your HF as intermediary server and not for monitoring AD object, a local user should be sufficient enough.