|
We want to install splunk on our Windows servers using a Domain account, but not have the in the local servers' administrator group. When we tried this, splunkweb didn't work and seemed to bind to random really high numbered ports (64000+). Are there additional requirements to the install documentation for Windows in addition to: - Full control over Splunk's installation directory - Permission to log on as a service - permission to logo n as a batch job (etc - the ones stated in the Windows install doc.) Has anyone already worked through the specifics on this? |
|
Within a windows environment, Splunk is installed with an administrator account and installs/modifies multiple services while running. May I recommend an alternative; change your security model within splunk to LLDP. Once completed, you can create and associate user groups based on permissions defined within the Splunk installation. Example: Within Splunk, select the "user" profile then you can selectively add/remove access within the installed Splunk applications. LDAP: Create a new group "splunk_user" This domain group can be very restricted, so long as they can logon, print, browse intranet/specific sites... Back to Splunk, where we add the association for the LDAP "splunk_user" to the Splunk "user" effectively isolating their access beyond basic services. |
It depends on exactly what you are trying to do. Many of the things you list are requirements, but what you plan to do with Splunk will determine additional requirements.