All Apps and Add-ons

AWS AMI leads to rooted out of Splunk

vman_me
New Member

I just installed the AWS AMI for Splunk and it worked fine, till I tried to run CLIs through $SPLUNK_HOME/bin and add scripted data input by customizing inputs.conf
The $SPLUNK_HOME directory is not accessible by ec2-user so I am wondering if there is a way to gain access to that...
Any pointers appreciated,

  • V
Tags (2)
0 Karma

sudarshan0204
New Member

Got to /opt/splunk
if you logged in as ec2-user, you cannot edit or make directory, so you need to sudo su as root.
sudo su root

Now you are all set

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

The ec2-user should be a sudoer, so try sudo su the-user-running-splunk

acharlieh
Influencer

$SPLUNK_HOME refers to the installation directory, which is not necessarily the same as the home directory of the user. On Linux by default the installation directory is /opt/splunk

vman_me
New Member

I guess its not about root access, but some kind of AWS Authorization.
When I go into the folder /home/splunk , there are only dot files and .splunk.
Within .splunk only one token:
authToken_ip-

perhaps its more about AWS IAM... any ideas?

Thanks...

  • V
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...