Deployment Architecture

Install splunk forwarder on Linux server

Path Finder

Hi splunker;

When I install splunk forwarder version 7.2.6 on redhat server version 7.4 successfully installed, but the home directory like /etc and /root change permission from root to splunk, and this is not normal behavior, can anyone help me why this is occurred?

Best Regards;

0 Karma


What user did the install?

0 Karma


Splunk does not change the ownership during installation. It's worth to check whether you have run a chown splunk:splunk after the installation and from which location the command was run. From what you have explained, it looks like the chown was run from / directory

0 Karma

Ultra Champion

Indeed. Sounds like a mistake was made during the installation steps (or a faulty install script was used). Any further info on exactly how you did the installation could help give a more concrete answer.

0 Karma

Splunk Employee
Splunk Employee

also be aware of Splunk and systemd interactions:

- MattyMo
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!