Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
395 results
Sort by:
04-28-2017
04:23 AM
Can I Install Splunk Enterprise as a non-root user, run Splunk Enterprise as a non-root user, as well as listen directly on a port below 1024?
- Tags:
- splunk-enterprise
01-31-2023
03:07 AM
Hello, I am having troubles with the installation of Splunk Enterprise as non-root user. I think it may be some kind of problem with Red Hat Enterprise v9 or maybe systemd. Online, even in the d...
- Tags:
- rhel9
- splunk-search
07-15-2014
09:50 AM
7 Karma
Should we run Splunk as root or non-root user? Which way is better?
Thanks
-Ha
Show results in replies (3)
-
...Splunkasadifferentornon-rootuser In section "Run Splunk Enterprise as a different or non-root user...
-
...orming or justifying our own policy. All I have found so far is Run Splunk Enterprise as a different or...
-
Best practice in general is to run applications as non-admin users whenever possible. This is a d...
04-14-2019
08:15 PM
Hi,
I want to run splunk-universalforwarder with non-root user. I created my own docker image and tried to run it.
But when I run the docker image and it return error as "sh: 1: cannot c...
12-04-2023
08:38 AM
I have installed Splunk Enterprise free trial into a VM as a root user. I know the best practice is to avoid using root to run as Splunk in case the underlying OS gets compromised and then the h...
Labels
- Labels:
-
installation
07-21-2020
03:10 PM
I've been working on remediating this vulnerability https://www.splunk.com/view/SP-CAAAP3M "Potential Local Privilege Escalation through instructions to run Splunk as non-root user" and t...
The Splunk indexer and forwarders in my environment are configured to run as the "splunk" user for security reasons. Of course, this means that Splunk can no longer read root owned log files. The f...
Show results in replies (9)
-
By combining the above provided solutions and to share with all with how I have implemented is as p...
-
As written below for the other answers on setfacl: do not set the x-bit on the files. They are n...
-
...use: [httpServer] disableDefaultPort = true We set this in a special deployment app for a...
-
You should keep in mind, that this way you allow splunk to read each and every log file after r...
-
I like the idea of using this dummy file to get up and running. One additional hint: it's better n...
-
...entOS 6.9): Create file vi /etc/logrotate.d/Splunk_ACLs and populate with the logs you'd l...
-
I just get the error lines must begin with a keyword or a filename (possibly in double quotes) w...
-
The above by quixand worked for me as well on Redhat/CentOS. We also added the -d and -R flag to t...
-
...llow-a-user-read-access-to-a-log-file/780226#780226
08-17-2017
10:37 AM
How to monitor root-owned logs while running Splunk as a non-root user for Amazon Linux AMI?
what are the permission required for non-root user to run the environment ?
03-22-2015
01:30 PM
...t under the splunk user, or the user set in the /etc/init.d/splunk script which is irrelevant here I think) :
root@ubuntu:/opt/splunk/bin# ./splunk start
Splunk> All batbelt. No tights....
07-18-2018
07:42 AM
I have a single instance Splunk Enterprise 7.1.2 on Linux. I have used a non-root user "splunk" & group "splunk" to install Splunk. At the time of install i made sure to run "chown -R splunk...
