Getting Data In

Can I create a minimum capability user role on a Linux Universal Forwarder so events can be accepted and forwarded to the indexer?

Path Finder

I have a Linux Universal Forwarder that will be receiving events via the REST interface's simple receiver.

https://linuxUF:8089/services/receivers/simple?host=xxx&source=xxx&index=xxx&sourcetype=xxx&check-in...

Can I set up a minimum capability role (i.e. not admin) user on the UF so that events can be accepted and forwarded to the indexer? I'd like to create a local user on the UF, and give that user this role.

0 Karma

SplunkTrust
SplunkTrust

Hi wardallen,

I don't think this is possible using an universal forwarder, but you can try and report back 😉
If it is not working, use a so called heavy forwarder and create the user on it.

cheers, MuS

0 Karma