Getting Data In
Highlighted

Run universal forwarder in Docker as unprivileged account

Engager

I am trying to run the universal forwarder in OpenShift which by default doesn't allow containers to run with a privileged account.

I have read other threads related to this, but none of them provide a solution.

When I run the splunk universal forwarder image like so:
docker run --rm -it -u 1001 -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=pwd -e SPLUNK_HOST=splunkhost:9997 -e SPLUNK_INDEX_NAME=sample splunk/universalforwarder:7.3-redhat

I get this output:

sh: /opt/container_artifact/splunk-container.state: Permission denied
ERROR: Couldn't read "/opt/splunkforwarder/etc/splunk-launch.conf" -- maybe $SPLUNK_HOME or $SPLUNK_ETC is set wrong?

Tags (2)
Highlighted

Re: Run universal forwarder in Docker as unprivileged account

Motivator

You'll need to update your Makefile and rebuild your Docker image.

I've just recently answered a similar question that should help you:

https://answers.splunk.com/answers/789462/docker-image-search-cluster-configuration-fails-in.html?ch...

0 Karma