Which user is my Splunk running as?

varad_joshi
Communicator

Not that familiar with *NIX hence the question.

I created the user and group called splunk and then ran Splunk for the first time with splunk user.

Now I want to ensure my Splunk is running as splunk user and not as root.
Can someone help me with the command below and its output?

-bash-4.2$ ps -af|grep splunk
root 1658 1473 0 22:33 pts/0 00:00:00 su - splunk
splunk 1659 1658 0 22:33 pts/0 00:00:00 -bash
splunk 2121 1659 0 22:36 pts/0 00:00:00 ps -af
splunk 2122 1659 0 22:36 pts/0 00:00:00 grep --color=auto splunk

0 Karma

inventsekar
SplunkTrust

"I created the user and group called splunk and then ran Splunk for the first time with splunk user"
Not sure of this step. Can you please explain? Is this on a Splunk indexer or a Splunk forwarder or..

root 1658 1473 0 22:33 pts/0 00:00:00 su - splunk
I am not sure why you have to switch user to the splunk user.

When you run ps -ef | grep splunk (please note that in your command you used "ps -af"; use "ps -ef" instead),
what output do you get?

0 Karma

varad_joshi
Communicator

Ah okay, so I then ran splunk status and it gave me the PID.
I can see the PID is running as splunk user.

I think I got what I was looking for.

Cannot delete the question as it's irrelevant now 🙂

0 Karma
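
The check discussed in this thread, as an added example that is not part of any post above: a shell function that reads a process listing and reports whether every splunkd process is owned by the expected account. It lists with ps -e rather than ps -a because ps -a leaves out processes that have no terminal, which is the usual state of a daemon. The function names, the sample listings and the /opt/splunk path are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: verify which account owns the running splunkd processes.
# Input columns: user, pid, full command line (ps -e -o user= -o pid= -o args=).

# Print the distinct owners of splunkd processes found on stdin.
splunkd_owners() {
    awk '{
        # $3 is the executable; compare its basename so that "grep splunk",
        # "su - splunk" and shells owned by the splunk user are ignored.
        n = split($3, parts, "/")
        if (parts[n] == "splunkd") print $1
    }' | sort -u
}

# check_splunk_user EXPECTED_USER   (process listing on stdin)
# Returns 0 if every splunkd process runs as EXPECTED_USER,
#         1 if any splunkd process runs as another account (for example root),
#         2 if no splunkd process was found.
check_splunk_user() {
    expected=$1
    owners=$(splunkd_owners)
    [ -n "$owners" ] || { echo "no splunkd process found"; return 2; }
    rc=0
    for o in $owners; do
        if [ "$o" = "$expected" ]; then
            echo "OK: splunkd running as $o"
        else
            echo "WARNING: splunkd running as $o, expected $expected"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listings (not output from the thread).
SAMPLE_GOOD='root      1658 su - splunk
splunk    1659 -bash
splunk    2301 splunkd -p 8089 start
splunk    2122 grep --color=auto splunk'
SAMPLE_ROOT='root      2301 /opt/splunk/bin/splunkd -p 8089 start
root      2122 grep splunk'

printf '%s\n' "$SAMPLE_GOOD" | check_splunk_user splunk
printf '%s\n' "$SAMPLE_ROOT" | check_splunk_user splunk || true

# Live use: ps -e -o user= -o pid= -o args= | check_splunk_user splunk
```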