Installation

Universal Forwarder logs

engrimranzakir
Explorer

Hi All,

As i install universal forwarder on different pc using local user in domain environment  logs received at Splunk enterprise, when i used domain user it did not. Did someone face this issue ?  

Labels (2)
Tags (1)
0 Karma

engrimranzakir
Explorer

I applied the group policy on other machines but cannot collect logs, while when using local policy on machines no problem in receiving logs.

0 Karma

isoutamo
SplunkTrust
SplunkTrust
0 Karma

tscroggins
Champion

@engrimranzakir 

Splunk Universal Forwarder assumes it is running as SYSTEM; otherwise, you must explicitly grant the user the necessary permissions and rights to both access objects and log on as a service. Did the domain user have the same group memberships and user rights as the local user?

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Introducing ITSI 5.0: Unified Visibility and Actionable Insights

Introducing ITSI 5.0: Unified Visibility and Actionable Insights Tuesday, July 21, 2026  |  10:00AM PT / ...

Inside Splunk Agent Observability: Understanding Agent Behavior, Tokens & Costs

Inside Splunk Agent Observability:Understanding Agent Behavior, Tokens & Costs Thursday, August 06, ...

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...