Getting Data In
Highlighted

How can I change the user as which the Windows universal forwarder runs?

Engager

I have installed the Windows universal forwarder to send local data only. Now I want to configure it to run as a different user so that I can use Windows Auth to query a database. Which configuration file should I modify to change the user and is there an example config stanza I could copy?

Highlighted

Re: How can I change the user as which the Windows universal forwarder runs?

Motivator

actually on Windows UF you should only need to changes the splunkd service account in windows services.msc and the account should have those user rights assignments :

Full control over Splunk's installation directory

Read access to any flat files you want to index

Permission to log on as a service

Permission to log on as a batch job

Permission to replace a process-level token

Permission to act as part of the operating system

Permission to bypass traverse checking

View solution in original post

Highlighted

Re: How can I change the user as which the Windows universal forwarder runs?

Engager

Thanks! I didn't even think to just look in Services in Server Manager.

This isn't documented anywhere as far as I could find. Splunk Team: Would be a good thing to add! 🙂

0 Karma
Highlighted

Re: How can I change the user as which the Windows universal forwarder runs?

New Member
0 Karma