Deployment Architecture

Running the Splunk process as a splunk user on Linux, where did you install Splunk?

brent_weaver
Builder

I am installing Splunk as a splunk user. I have it all down, but what directory are people installing it in? Using /opt does not seem like a good idea because you then need to make the /opt dir 775 or 777 depending on who owns /opt...

I'd welcome hearing where others are installing it. Thanks!

0 Karma

grijhwani
Motivator

You have touched on my biggest gripe with Splunk's system architecture. /opt/splunk is a perfectly valid place to install Splunk, owned by the splunk user. However, you should be a superuser to perform the installation. Furthermore - and this is the basis of my objection - you also have to run the entire Splunk instance with root privileges if you want inputs from system logs (unless, of course, you open up the file permissions). Kind of a rock/hard place situation.

(You'd think by now Splunk would have broken it down into the main engine and indexes dropping itself down to unprivileged status, and running a micro-service talking through the socket stack purely for accessing privileged logs.)

Here's a typical install:

drwxr-xr-x  5 root   root   4096 May  9  2014 /opt
drwxr-xr-x 10 splunk splunk 4096 Jul 13 13:22 /opt/splunk

755 permission, and root ownership on /opt is perfectly normal.

0 Karma
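As an added example (not part of the original answer, and not Splunk's own tooling), the following shell functions check the layout described above: a parent directory that is not group- or world-writable, an install directory owned by the service account, and whether that account can read a given log file without running as root. It assumes GNU stat on Linux; the function names are hypothetical, and the read check looks only at owner, group and mode bits, ignoring ACLs.

```sh
#!/bin/sh
# Added example: audit a Splunk-style install layout. Assumes GNU stat (Linux).

# check_layout PARENT INSTALL OWNER
# Returns 0 when PARENT is not group/world-writable and INSTALL is owned by OWNER.
check_layout() {
    cl_rc=0
    cl_mode=$(stat -c '%a' "$1") || return 2
    # 022 masks the group-write and other-write bits: 755 passes, 775/777 fail.
    if [ $(( 0$cl_mode & 022 )) -ne 0 ]; then
        echo "FAIL: $1 is mode $cl_mode (group/world-writable)"
        cl_rc=1
    fi
    cl_owner=$(stat -c '%U' "$2") || return 2
    if [ "$cl_owner" != "$3" ]; then
        echo "FAIL: $2 is owned by $cl_owner, expected $3"
        cl_rc=1
    fi
    return $cl_rc
}

# readable_by USER FILE
# Returns 0 when the mode bits let USER read FILE. POSIX semantics: the owner
# is judged by the owner bits only, a group member by the group bits only.
readable_by() {
    rb_owner=$(stat -c '%U' "$2") || return 2
    rb_group=$(stat -c '%G' "$2") || return 2
    rb_mode=$(stat -c '%a' "$2") || return 2
    if [ "$rb_owner" = "$1" ]; then
        rb_bit=0400
    elif id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$rb_group"; then
        rb_bit=040
    else
        rb_bit=04
    fi
    [ $(( 0$rb_mode & $rb_bit )) -ne 0 ]
}

# Usage on a host laid out as in the answer (the log path is an assumption):
#   check_layout /opt /opt/splunk splunk
#   for f in /var/log/*.log; do
#       readable_by splunk "$f" || echo "splunk cannot read $f"
#   done
```

Files reported as unreadable are the ones that would need a group or ACL grant for the splunk user if the instance is not run as root.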