Hi All,
When I install the universal forwarder on different PCs using a local user in a domain environment, logs are received at Splunk Enterprise; when I used a domain user, they were not. Did someone face this issue?
I applied the group policy on other machines but cannot collect logs, while when using local policy on the machines there is no problem receiving logs.
Have you checked that your policy contains at least these?
Also check that the user has read access to the files and directories.
r. Ismo
Splunk Universal Forwarder assumes it is running as SYSTEM; otherwise, you must explicitly grant the user the necessary permissions and rights to both access objects and log on as a service. Did the domain user have the same group memberships and user rights as the local user?
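The checks raised in the replies above (which account the service runs as, whether that account holds the "Log on as a service" right, and who can read the monitored files), as an added example that is not part of the original thread. It assumes the default service name `SplunkForwarder`; `Test-ForwarderServiceAccount` and its `-MonitoredPath` parameter are hypothetical names introduced here.

```powershell
# Added example: not from the thread. Run in an elevated PowerShell session.
# Assumes the forwarder's default Windows service name, "SplunkForwarder".
function Test-ForwarderServiceAccount {
    param(
        [string]$ServiceName = 'SplunkForwarder',
        [string]$MonitoredPath   # hypothetical: a file or directory the forwarder must read
    )
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found." }
    $account = $svc.StartName
    Write-Output "Service account: $account"
    if ($account -eq 'LocalSystem') {
        Write-Output 'Runs as SYSTEM: no extra user rights are needed.'
        return
    }

    # Resolve the account to a SID; secedit lists most grantees as *SID.
    $name = $account -replace '^\.\\', "$env:COMPUTERNAME\"
    $sid  = ([System.Security.Principal.NTAccount]$name).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value

    # Export this machine's user-rights assignment and read SeServiceLogonRight.
    $cfg = Join-Path $env:TEMP 'user_rights.inf'
    secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    $line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
            Select-Object -First 1
    $grantees = @()
    if ($line) {
        $grantees = ($line.Line -split '=', 2)[1].Split(',') |
                    ForEach-Object { $_.Trim().TrimStart('*') }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue

    if ($grantees -contains $sid -or $grantees -contains $name) {
        Write-Output 'Log on as a service: granted directly to the account.'
    } else {
        Write-Output 'Log on as a service: NOT granted directly. Grantees (check group membership):'
        $grantees | ForEach-Object { Write-Output "  $_" }
    }

    # List who holds rights on the monitored path so read access can be confirmed.
    if ($MonitoredPath) {
        (Get-Acl -Path $MonitoredPath).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
}

Test-ForwarderServiceAccount
```

Running it on a machine where the local user works and on one where the domain user fails, then comparing the two outputs, shows which right or ACL entry differs.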