Whenever I am trying to login to splunk through docker image , the default user is ansible beacsue of that I am not able to access logs and var directory in splunk .
And not permitted to create a new directory too
kindly suggest.
You will need to update your makefile if building your own image, and set the Splunk user.
If using a Splunk supported image, set the Splunk user as a parameter in your run command (-e "SPLUNK_USER=splunk"), e.g.
I added SPLUNK_USER=splunk to the docker-compose yml file and restarted the container.
Here is the environment.
[ansible@28f74f55c15a splunk]$ env
LANG=C.utf8
HOSTNAME=28f74f55c15a
ANSIBLE_USER=ansible
SPLUNK_HEC_TOKEN=test1234
container=oci
SPLUNK_HOME=/opt/splunk
CONTAINER_ARTIFACT_DIR=/opt/container_artifact
PWD=/opt/splunk
HOME=/home/ansible
SPLUNK_DEFAULTS_URL=
SPLUNK_GROUP=splunk
SPLUNK_ANSIBLE_HOME=/opt/ansible
TERM=xterm
SPLUNK_ROLE=splunk_standalone
SPLUNK_PASSWORD=A#123#aaa
PYTHON_GPG_KEY_ID=####
TMPSPLUNKDIR=/opt/splunk/tmp
PYTHON_VERSION=3.7.10
ANSIBLE_GROUP=ansible
SPLUNK_START_ARGS=--accept-license
TMPETCDIR=/opt/splunk/tmp/etc
SHLVL=1
SPLUNK_USER=splunk
PATH=/home/ansible/.local/bin:/home/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
[ansible@28f74f55c15a splunk]$ whoami
ansible
There is no change in from ansible to splunk. Due to this unable to browse some /opt/splunk files as facing persmission issue. Not sure what other changed needed to environment file. Please check