Dashboards & Visualizations

Why is the index I created owned by file system root?

KorbinDallas2
Engager

I created a test index and assigned it to the search app using the Splunk Web GUI. On the filesystem a local folder was created (/opt/splunk/etc/apps/search/local). However that local folder is not owned by the splunk local user I created for all Splunk related functions. It is owned by root. How do I change my Splunk settings so that items created using the GUI are owned by splunk and not by root?

myriadic
Path Finder

When you first install splunk, everything in /opt/splunk/ is owned by "splunk".

However, if you're running splunk as root, everything created, from there on out, will be owned by "root".

To change this, stop splunk, run "/opt/splunk/bin/splunk enable boot-start -user splunk", then "chown -R splunk:splunk /opt/splunk" and start splunk back up.

(keep in mind that "splunk" probably won't be able to run on port 80/443 without changing OS permissions)

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!