Dashboards & Visualizations

Why is the index I created owned by file system root?

KorbinDallas2
Engager

I created a test index and assigned it to the search app using the Splunk Web GUI. On the filesystem a local folder was created (/opt/splunk/etc/apps/search/local). However that local folder is not owned by the splunk local user I created for all Splunk related functions. It is owned by root. How do I change my Splunk settings so that items created using the GUI are owned by splunk and not by root?

myriadic
Path Finder

When you first install splunk, everything in /opt/splunk/ is owned by "splunk".

However, if you're running splunk as root, everything created, from there on out, will be owned by "root".

To change this, stop splunk, run "/opt/splunk/bin/splunk enable boot-start -user splunk", then "chown -R splunk:splunk /opt/splunk" and start splunk back up.

(keep in mind that "splunk" probably won't be able to run on port 80/443 without changing OS permissions)

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...