Hi
I have deployment server and all Splunk instances running under owner A and access group B in linux envirement.
But one of the Splunk universal forwarder which have same access group B do not have permissions to read files that are to be ingested.
The files have owner X and access group Y. But we have a limitation to add owner A or access group B to group Y at our organisation to give Splunk UF access to ingest files. so we thought to install Splunk UF under owner X and access group Y so that it has permissions to read files.
But what are the issues that arise from Splunk UF running under owner X , access group Y and the other splunk instances (deployment server, indexers ,S.H) running under owner A and access group B. Can I proceed with different owner and access group for splunk UF?.
↧