Hello,
We have remote linux servers with universal forwarders already installed by root, we are not admin of these servers and we don't even have a user for us to connect on these servers either. We would like to be able to access the servers as basic users, for instance with a "splunk" user, manage the forwarder configuration and use the splunk command lines (splunk start/restart/btool etc...) with this user, without requiring admin rights.
How can we achieve that ?
I guess we first need the "splunk" user to be created on the servers with a password so that we can at least access the machines.
Then do we just need to change the boot-start configuration and the owner of the forwarder file system ?
/opt/splunk/splunkforwarder/bin/splunk enable boot-start -user splunk
chown -R splunk /opt/splunk/splunkforwarder
And now we should be able to manipulate the forwarder as we want without admin rights, right ?
We wish we had a spare linux server to test this on but sadly we don't have any means to do this...
Thank you for your help !
Hi @performancemoni ,
did you already seen this: https://docs.splunk.com/Documentation/Splunk/8.0.4/Installation/RunSplunkasadifferentornon-rootuser
I have only one hint for you: before start, check if the splunk user can access all the files to monitor and execute all the scripts you have.
Ciao.
Giuseppe