I have setup a deployment server which manages multiple forwarders. All my instances run with user splunk. When I try to push apps from deployment server to forwarders the owner of the app reflects as "root" which should be splunk otherwise the app doesn't works. It is very inconvenient to login to each forwarder and change the owner to splunk and restart the service again after the app is pushed. Any solution for this? ... View more

I have a requirement where I need to collect logs from Openstack cloud and forward them to in-premise Splunk Enterprise instance. What is the procedure? Do I need to install forwarders in cloud? If yes how and where? ... View more