Hello all... I am trying to use the docker container and it is starting a process under root that writes the splunkd stderr file to stdout, but as root:
splunk tail -n 0 -f /opt/splunkforwarder/var/log/splunk/splunkd_stderr.log
How do I get that process to NOT start? We have a requirement that we cannot run processes as root in our containers. How do I either change the user running this process or stop it altogether? I get it that this means we will not get stderr.log files from the uf.
Any help is much appreciated.
If you use the splunk user as the user account, please go ahead and change the permissions.
#chown -R splunk:splunk /opt/splunkforwarder
Hope this helps
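One way to check a container against the "no processes as root" requirement from the question, and to confirm the ownership change from the answer took effect. This is an added example, not code from the thread or from Splunk; the function names and the sample `ps` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the "no root processes" requirement.
# Function names are hypothetical; the sample listing below is constructed.

# root_procs: read `ps -eo user,pid,args` output (with its header line) on
# stdin and print "PID: command" for every process owned by root / UID 0.
root_procs() {
    awk 'NR > 1 && ($1 == "root" || $1 == "0") {
             pid = $2
             $1 = ""; $2 = ""      # drop the user and pid columns
             sub(/^ +/, "")        # trim the separators left behind
             print pid ": " $0
         }'
}

# not_owned_by OWNER DIR: print every path under DIR whose owner is not
# OWNER (a user name or numeric UID). Empty output means the recursive
# chown reached the whole tree.
not_owned_by() {
    find "$2" ! -user "$1" -print
}

# Constructed sample: a forwarder container where the log tail from the
# question still runs as root while splunkd itself runs as splunk.
SAMPLE_PS='USER       PID COMMAND
splunk      40 splunkd
root        57 tail -n 0 -f /opt/splunkforwarder/var/log/splunk/splunkd_stderr.log
splunk      61 sleep 30'

# Typical use inside the running container:
#   ps -eo user,pid,args | root_procs
#   not_owned_by splunk /opt/splunkforwarder
```

Empty output from both commands means no process is running as root and nothing under the forwarder directory is still owned by another account.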