AWS AMI leads to rooted out of Splunk

vman_me · ‎07-07-2015

I just installed the AWS AMI for Splunk and it worked fine, till I tried to run CLIs through $SPLUNK_HOME/bin and add scripted data input by customizing inputs.conf
The $SPLUNK_HOME directory is not accessible by ec2-user so I am wondering if there is a way to gain access to that...
Any pointers appreciated,

V

sudarshan0204 · ‎05-16-2020

Got to /opt/splunk
if you logged in as ec2-user, you cannot edit or make directory, so you need to sudo su as root.
sudo su root

Now you are all set

martin_mueller · ‎07-07-2015

The ec2-user should be a sudoer, so try sudo su the-user-running-splunk

acharlieh · ‎07-07-2015

$SPLUNK_HOME refers to the installation directory, which is not necessarily the same as the home directory of the user. On Linux by default the installation directory is /opt/splunk

vman_me · ‎07-07-2015

I guess its not about root access, but some kind of AWS Authorization.
When I go into the folder /home/splunk , there are only dot files and .splunk.
Within .splunk only one token:
authToken_ip-

perhaps its more about AWS IAM... any ideas?

Thanks...

V

AWS AMI leads to rooted out of Splunk

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!