Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you help us with a Splunk Root user Issue?

rohitvjoshi
Path Finder
‎12-27-2018 09:53 PM

Hi Splunkers,

Last week, one of our search head went down and we tried to restart the server. We have done some troubleshooting and identified that the Splunk server is running as a root user. After connecting with the network team, we are able to run the Splunk services again as a Splunk user.

We want to understand who has logged in as Root in the server and track down the Ip etc.

We need some guidance on the same.

Thanks,

RJ

Tags (1)
0 Karma
Reply

burwell
SplunkTrust
SplunkTrust
‎12-28-2018 12:18 AM

Hi. This doesn't sound like a Splunk question. Sounds more like an operating system question.

If this happened on a Linux server, typically /var/log/messages would record such events. For example

Dec 28 07:50:16 myserver.mycompany.com sudo:  burwell : TTY=pts/0 ; PWD=/home/burwell ; USER=root ; COMMAND=/usr/local/bin/bash

I am sure your networking people can help you figure this out.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...