I have installed the Windows universal forwarder to send local data only. Now I want to configure it to run as a different user so that I can use Windows Auth to query a database. Which configuration file should I modify to change the user and is there an example config stanza I could copy?
actually on Windows UF you should only need to changes the splunkd service account in windows services.msc and the account should have those user rights assignments :
Full control over Splunk's installation directory
Read access to any flat files you want to index
Permission to log on as a service
Permission to log on as a batch job
Permission to replace a process-level token
Permission to act as part of the operating system
Permission to bypass traverse checking
Thanks! I didn't even think to just look in Services in Server Manager.
This isn't documented anywhere as far as I could find. Splunk Team: Would be a good thing to add! 🙂