Solved: What is the access/account type needed for splunk ...

dban2005 · ‎01-18-2018

I have few linux servers reporting to a splunk indexer. While installing the UF on the linux servers, the splunk user has been created automatically and we are running the splunk service using that splunk user. As it created the splunk user with home directory as /opt/splunkforwarder, we need to maintain it for security reason. Can someone please advise in which of the following category this UF splunk user should considered?

Category a: user with ssh shell access
Category b: user with scp/sftp access
Category c: access with su to non-root users
Category d: access with su to root

I do not think I can categorized with any of the above. If not, then how I can define the splunk user with respect to the linux servers where the UF has been installed.

nickhills · ‎01-19-2018

By default the splunk user will not have any remote access to your server, and will have no sudo/root access.

It is by design a "standard" non privileged user.

If my comment helps, please give it a thumbs up!

View solution in original post

dban2005 · ‎03-27-2018

Thanks for your respond; created a category 0 to accommodate the requirement.

nickhills · ‎01-19-2018

By default the splunk user will not have any remote access to your server, and will have no sudo/root access.

It is by design a "standard" non privileged user.

If my comment helps, please give it a thumbs up!

What is the access/account type needed for splunk user in linux to use universal fowarder?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms