Deployment Architecture

Install splunk forwarder on Linux server

aalhabbash1
Path Finder

Hi splunker;

When I install splunk forwarder version 7.2.6 on redhat server version 7.4 successfully installed, but the home directory like /etc and /root change permission from root to splunk, and this is not normal behavior, can anyone help me why this is occurred?

Best Regards;

0 Karma

kairobink
Communicator

What user did the install?

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@aalhabbash1,
Splunk does not change the ownership during installation. It's worth to check whether you have run a chown splunk:splunk after the installation and from which location the command was run. From what you have explained, it looks like the chown was run from / directory

0 Karma

FrankVl
Ultra Champion

Indeed. Sounds like a mistake was made during the installation steps (or a faulty install script was used). Any further info on exactly how you did the installation could help give a more concrete answer.

0 Karma

mattymo
Splunk Employee
Splunk Employee

also be aware of Splunk and systemd interactions:

https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/RunSplunkassystemdservice

- MattyMo
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!