Installation

Universal Forwarder logs

engrimranzakir
Explorer

Hi All,

As i install universal forwarder on different pc using local user in domain environment  logs received at Splunk enterprise, when i used domain user it did not. Did someone face this issue ?  

Labels (2)
Tags (1)
0 Karma

engrimranzakir
Explorer

I applied the group policy on other machines but cannot collect logs, while when using local policy on machines no problem in receiving logs.

0 Karma

isoutamo
SplunkTrust
SplunkTrust
0 Karma

tscroggins
Motivator

@engrimranzakir 

Splunk Universal Forwarder assumes it is running as SYSTEM; otherwise, you must explicitly grant the user the necessary permissions and rights to both access objects and log on as a service. Did the domain user have the same group memberships and user rights as the local user?

Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...