Deployment Architecture

Splunk UF Docker Image root process writing splunkd's stderr.log to stdout

brent_weaver
Builder

Hello all... I am trying to use the docker container and it is starting a process under root that writes the splunkd stderr file to stdout, but as root:

 

 splunk tail -n 0 -f /opt/splunkforwarder/var/log/splunk/splunkd_stderr.log

 

How do I get that process to NOT start? We have a requirement that we cannot run processes as root in our containers. How do I either change the user running this process or stop it altogether? I get it that this means we will not get stderr.log files from the uf.

Any help is much appreciated.

Labels (1)
Tags (1)
0 Karma

kiragsplunk
Explorer

if you use splunk user as user account, please go ahead and change permission.

#chown -R splunk:splunk /opt/splunkforwarder

Hope this helps

0 Karma

brent_weaver
Builder
Spoiler
Hey thanks for the response. Splunk already running as splunk user and is owned by splunk. This seems to be a docker config that jobs off a tail of the log file.
0 Karma