I'm installing a forwarder but I don't really need an admin account as I rarely ever log in to forwarders. What's the recommended way to install Splunk?
You can start up Splunk with the --no-prompt flag and Splunk will be started up with no users. This way your Splunk deployment can continue to forward data and, for security's sake, no one would be able to log in. See the docs for a full explanation: http://docs.splunk.com/Documentation/Splunk/7.1.0/Security/Secureyouradminaccount#Create_a_password_...
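One way to confirm that a forwarder started this way really has no login-capable account, as an added example that is not part of the original post or Splunk's own tooling. It assumes local users are stored in `$SPLUNK_HOME/etc/passwd` as colon-separated lines with the username in the second field, and that a pending admin seed lives in `$SPLUNK_HOME/etc/system/local/user-seed.conf`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Splunk home directory for local accounts.
# Assumptions (not from the original post): local users are stored in
# $SPLUNK_HOME/etc/passwd as colon-separated lines with the username in the
# second field, and a pending admin seed lives in
# $SPLUNK_HOME/etc/system/local/user-seed.conf.

# Print the local usernames found in a Splunk passwd file, one per line.
list_local_users() {
    passwd_file=$1
    [ -f "$passwd_file" ] || return 0
    # Skip blank lines and comments; field 2 is the username.
    awk -F: 'NF > 2 && $0 !~ /^[ \t]*#/ && $2 != "" { print $2 }' "$passwd_file"
}

# Return 0 when the instance has no local users and no pending seed file,
# 1 when an account exists or would be created on next start,
# 2 when the path is not a Splunk home.
audit_forwarder_users() {
    splunk_home=$1
    status=0
    if [ ! -d "$splunk_home/etc" ]; then
        echo "ERROR: $splunk_home does not look like a Splunk home" >&2
        return 2
    fi
    users=$(list_local_users "$splunk_home/etc/passwd")
    if [ -n "$users" ]; then
        echo "FAIL: local users defined: $(echo "$users" | tr '\n' ' ')"
        status=1
    fi
    seed="$splunk_home/etc/system/local/user-seed.conf"
    if [ -f "$seed" ] && grep -Eq '^[[:space:]]*(PASSWORD|HASHED_PASSWORD)[[:space:]]*=' "$seed"; then
        echo "FAIL: $seed would create an account on next start"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: no local users in $splunk_home"
    return "$status"
}

# Usage: audit_forwarder_users /opt/splunkforwarder
```

Run it before the first start to catch a leftover seed file and again afterwards to confirm that no account was created.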