Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Regarding different splunk instances have different owner and access groups

ankithreddy777
Contributor
‎10-02-2016 07:40 AM

Hi
I have deployment server and all Splunk instances running under owner A and access group B in linux envirement.
But one of the Splunk universal forwarder which have same access group B do not have permissions to read files that are to be ingested.

The files have owner X and access group Y. But we have a limitation to add owner A or access group B to group Y at our organisation to give Splunk UF access to ingest files. so we thought to install Splunk UF under owner X and access group Y so that it has permissions to read files.

But what are the issues that arise from Splunk UF running under owner X , access group Y and the other splunk instances (deployment server, indexers ,S.H) running under owner A and access group B. Can I proceed with different owner and access group for splunk UF?.

0 Karma
Reply

ddrillic
Ultra Champion
‎10-02-2016 09:27 AM

It's always a bit tricky to implement the access code uniformly across the enterprise, but at the end of the day, all that you need is read access to these files. The system's integrity is not influenced by the fact that the access on certain hosts is implemented a bit differently. Obviously, it's nicer to have a uniform solution, but I wouldn't worry about it too much. We face similar challenges here as well ; - )

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...