Dashboards & Visualizations

Why is the index I created owned by file system root?

KorbinDallas2
Engager

I created a test index and assigned it to the search app using the Splunk Web GUI. On the filesystem a local folder was created (/opt/splunk/etc/apps/search/local). However that local folder is not owned by the splunk local user I created for all Splunk related functions. It is owned by root. How do I change my Splunk settings so that items created using the GUI are owned by splunk and not by root?

myriadic
Path Finder

When you first install splunk, everything in /opt/splunk/ is owned by "splunk".

However, if you're running splunk as root, everything created, from there on out, will be owned by "root".

To change this, stop splunk, run "/opt/splunk/bin/splunk enable boot-start -user splunk", then "chown -R splunk:splunk /opt/splunk" and start splunk back up.

(keep in mind that "splunk" probably won't be able to run on port 80/443 without changing OS permissions)

0 Karma
Get Updates on the Splunk Community!

Notification Email Migration Announcement

The Notification Team is migrating our email service provider from Postmark to AWS Simple Email Service (SES) ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...