|
I'm trying to index a file on a mapped network drive, but I keep getting seeing 'Access is denied' in splunkd.log. I can read the file ok from my server, why can't Splunk? Splunk is running on Windows 2003 R2 32-bit |
|
By default on Windows, Splunk runs as 'Local System User' which isn't really a 'user' in the normal sense. It's simply a collection of basic permissions and capabilities that allows Splunk to run as a service, execute scripts etc. Normally, these permissions only extend to the limits of the local box, and to access network resources, you need to run as a user with domain permissions Its all documented here - http://www.splunk.com/base/Documentation/latest/Installation/InstallonWindows#Choosing_the_user_Splunk_should_run_as Most notable part - If you intend to do any of the following things, you must give Splunk a Domain account: |