Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How can I change the user as which the Windows universal forwarder runs?

afternoon
Engager
‎08-03-2011 10:32 AM

I have installed the Windows universal forwarder to send local data only. Now I want to configure it to run as a different user so that I can use Windows Auth to query a database. Which configuration file should I modify to change the user and is there an example config stanza I could copy?

Reply
1 Solution
Solved! Jump to solution
Solution

MarioM
Motivator
‎08-03-2011 10:58 AM

actually on Windows UF you should only need to changes the splunkd service account in windows services.msc and the account should have those user rights assignments :

Full control over Splunk's installation directory

Read access to any flat files you want to index

Permission to log on as a service

Permission to log on as a batch job

Permission to replace a process-level token

Permission to act as part of the operating system

Permission to bypass traverse checking

View solution in original post

Reply
Solved! Jump to solution

neklov
New Member
‎09-20-2011 04:11 AM

The information above can be found: http://docs.splunk.com/Documentation/Splunk/latest/Deploy/DeployaWindowsdfviathecommandline

0 Karma
Reply
Solved! Jump to solution
Solution

MarioM
Motivator
‎08-03-2011 10:58 AM

actually on Windows UF you should only need to changes the splunkd service account in windows services.msc and the account should have those user rights assignments :

Full control over Splunk's installation directory

Read access to any flat files you want to index

Permission to log on as a service

Permission to log on as a batch job

Permission to replace a process-level token

Permission to act as part of the operating system

Permission to bypass traverse checking

Reply
Solved! Jump to solution

afternoon
Engager
‎08-03-2011 11:21 AM

Thanks! I didn't even think to just look in Services in Server Manager.

This isn't documented anywhere as far as I could find. Splunk Team: Would be a good thing to add! 🙂

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...