Deployment Architecture

When your universal forwarder runs as root, should all of your apps run as root?


If so, does that mean your deployment server should run as root also? It keeps deploying client apps as "splunk".



Best practice is to run Splunk as a user other than root.

If your universal forwarder is running with root/admin privileges you shouldn't have any issues with communication between it and your indexer.
