![]() The universal forwarder creates a least privileged user when you install version 9.1 or later. When you install version 9.1 or later of the universal forwarder, the installer creates a virtual account as a "least privileged" user called splunkfwd, which provides only the capabilities necessary to run the universal forwarder. Running the universal forwarder as a local system account or domain user is not a security best practice, as it provides the user with a lot of high-risk permissions that are unnecessary for running the universal forwarder. With the deprecation introduced in 9.1.0, the latest forwarders will not be able to talk to the indexers running Splunk 7.0 or earlier. Upgrade all of your instances if possible, but if you must use the old version of the Splunk-to-Splunk protocol, refer to the Troubleshooting guide to learn how to enable that behavior. Version 9.1.0 deprecates version 3 of the Splunk-to-Splunk protocol. ![]() The installer is recommended for larger deployments and the command line is recommended for smaller deployments. Install a Windows universal forwarder using an installer or the command line.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |