The docs mention installs need to be done as root (but don't really explain why) - http://docs.splunk.com/Documentation/Splunk/6.2.0/Installation/RunSplunkasadifferentornon-rootuser
Some answers refer to the need to provide, to the user running splunk, access to /dev/urandom, though it isn't clear why that's necessary (encryption?) - http://answers.splunk.com/answers/49153/install-splunk-as-non-root-user.html
What aspects of the installation of splunk require root privileges? For the more security conscious sysadmins out there, being able to install splunk without opening the root kimono would be much more preferable.
BTW, as a test, I installed splunk as a non-root user (on a host where splunk was already installed), then brought up this new instance as that user, and verified there weren't any errors during startup. I also verified that i could login to the UI and do basic navigation. So at first glance, it looks like the root privileges aren't a requirement. Then again, this was far from a thorough shake-out test, and could've missed something.
... View more