Installation

Want to replace service account with new one for my Splunk Enterprise installation

AkashNTT
Loves-to-Learn Lots

Hi Friends, I am using Splunk Enterprise 7.1.1.0. During installation my ex-colleague had used his own user ID, and now the services are running using his ID. Since he left the organization, I need to replace the user ID with a service account. Please advise: what are the places I need to consider to check and replace the account? For example Splunk services, any database, etc. Thank you!

0 Karma

AkashNTT
Loves-to-Learn Lots

Hi Laurent, thank you for your help. Now I am clear on what permissions are required for the new service account. Now could you please advise in what places Splunk uses a user account or service account to run the show, e.g. Windows services, SQL database or anything else? I want to know in which places I need to replace/update the new service account.

Thank you very much for shedding some light on this!

Regards

Akash

0 Karma

AkashNTT
Loves-to-Learn Lots

Can anyone advise on my query? Thank you!

0 Karma

AkashNTT
Loves-to-Learn Lots

Hi Laurent, 

Thank you so much for your time and valuable advice. Now I understand the permission requirements as per the article you provided. An upgrade does not look possible very soon. Hence, please advise in which places Splunk uses this service account after installation, so for now at least I can replace the old account with the new service account.

I have created a service account with the same permissions as the existing one.

Thanks once again for your time!

Regards

Akash

0 Karma

llacoste
Path Finder

Hi,

I believe you will find some good information here: https://docs.splunk.com/Documentation/Splunk/8.1.0/Installation/ChoosetheuserSplunkshouldrunas
Maybe the best would be to upgrade your version if you can to a supported version (I know that it's not always possible when working in some companies) and probably be able to change the user at that point when doing the upgrade.

Let me know if that's working/helpful.

Regards

Laurent

0 Karma

AkashNTT
Loves-to-Learn Lots

Could you please advise in what places Splunk uses a user account or service account to run the show, e.g. Windows services, SQL database or anything else? I want to know in which places I need to replace/update the new service account.

0 Karma