I have a Splunk forwarder under oraepm functional user and I am trying to read logs that are owned by a different functional userid.
Do I need to install one more Splunk forwarder with the new userid?
Others will probably disagree with me, but a Universal Forwarder should run as a privileged account or member of a privileged group.
If that is not palatable to you or your organization then add oraepm to the group which ownes the logs it cannot read.
Installing more than one forwarder on a system is complicated and usually doesn't work as expected.
The preferred solution is to use ACLs to grant user oraepm read access to the logs.
thank you I have grant user oraepm read access to the logs.
Others will probably disagree with me, but a Universal Forwarder should run as a privileged account or member of a privileged group.
If that is not palatable to you or your organization then add oraepm to the group which ownes the logs it cannot read.
thank you I have grant user oraepm read access to the logs.