
Regarding different Splunk instances having different owners and access groups

ankithreddy777
Contributor

Hi
I have a deployment server and all Splunk instances running under owner A and access group B in a Linux environment.
But one of the Splunk universal forwarders, which has the same access group B, does not have permissions to read the files that are to be ingested.

The files have owner X and access group Y. But we have a limitation on adding owner A or access group B to group Y at our organisation to give the Splunk UF access to ingest the files. So we thought to install the Splunk UF under owner X and access group Y so that it has permissions to read the files.

But what are the issues that arise from the Splunk UF running under owner X and access group Y while the other Splunk instances (deployment server, indexers, S.H) run under owner A and access group B? Can I proceed with a different owner and access group for the Splunk UF?

0 Karma

ddrillic
Ultra Champion

It's always a bit tricky to implement the access code uniformly across the enterprise, but at the end of the day, all that you need is read access to these files. The system's integrity is not influenced by the fact that the access on certain hosts is implemented a bit differently. Obviously, it's nicer to have a uniform solution, but I wouldn't worry about it too much. We face similar challenges here as well ; - )

0 Karma
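A way to check the "read access is all you need" point before changing which account the forwarder runs as. This is an added example, not code from the thread or from Splunk. It evaluates classic POSIX mode bits for a candidate uid and group set along the path to a monitored file and reports the first component that denies access. The function names and the sample tree are hypothetical and constructed, and ACLs, SELinux and capabilities are assumed not to be in play.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits that apply to uid/gids: owner class first, then group, then other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(path, uid, gids, start="/"):
    """Return None if uid/gids can read `path`, else the first component at or
    below `start` whose mode bits deny it (ACLs and capabilities not modelled)."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    chain = [path]
    while chain[-1] != start and os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):  # walk from `start` down to the target
        st = os.stat(comp)
        if comp != path:
            need = 1  # search (x) on every parent directory
        else:
            need = 5 if stat.S_ISDIR(st.st_mode) else 4  # r-x for a dir, r for a file
        if class_bits(st, uid, gids) & need != need:
            return comp
    return None

def build_sample_tree():
    """Constructed sample: <tmp>/data (0750) containing app.log (0640)."""
    data = os.path.join(tempfile.mkdtemp(), "data")
    os.mkdir(data)
    log = os.path.join(data, "app.log")
    with open(log, "w") as fh:
        fh.write("constructed sample line\n")
    os.chmod(data, 0o750)
    os.chmod(log, 0o640)
    return data, log

if __name__ == "__main__":
    data, log = build_sample_tree()
    st = os.stat(log)
    uf_uid = st.st_uid + 1  # hypothetical forwarder account that does not own the file
    print("in the file's group:", first_blocker(log, uf_uid, {st.st_gid}, start=data))
    print("not in the group   :", first_blocker(log, uf_uid, {st.st_gid + 1}, start=data))
```

On a real host, pass the numeric uid and supplementary gids of the account the forwarder would run as, and the monitored file or directory as `path`.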