Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How can I change the user as which the Windows uni...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
afternoon
Engager
08-03-2011
10:32 AM
I have installed the Windows universal forwarder to send local data only. Now I want to configure it to run as a different user so that I can use Windows Auth to query a database. Which configuration file should I modify to change the user and is there an example config stanza I could copy?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
08-03-2011
10:58 AM
actually on Windows UF you should only need to changes the splunkd service account in windows services.msc and the account should have those user rights assignments :
Full control over Splunk's installation directory
Read access to any flat files you want to index
Permission to log on as a service
Permission to log on as a batch job
Permission to replace a process-level token
Permission to act as part of the operating system
Permission to bypass traverse checking
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
neklov
New Member
09-20-2011
04:11 AM
The information above can be found: http://docs.splunk.com/Documentation/Splunk/latest/Deploy/DeployaWindowsdfviathecommandline
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
08-03-2011
10:58 AM
actually on Windows UF you should only need to changes the splunkd service account in windows services.msc and the account should have those user rights assignments :
Full control over Splunk's installation directory
Read access to any flat files you want to index
Permission to log on as a service
Permission to log on as a batch job
Permission to replace a process-level token
Permission to act as part of the operating system
Permission to bypass traverse checking
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
afternoon
Engager
08-03-2011
11:21 AM
Thanks! I didn't even think to just look in Services in Server Manager.
This isn't documented anywhere as far as I could find. Splunk Team: Would be a good thing to add! 🙂
Get Updates on the Splunk Community!
Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...
This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Splunk Community Badges!
Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
