• Read This First
  • Before you install
    • System Requirements
    • Installing as root
  • What Gets Installed
• Step by Step Installation
  • Step 1: Unpack the software
    • Tarball
    • RPM
    • deb
    • FreeBSD
    • Mac OS
    • Solaris
  • Step 2: Start Splunk
  • Step 3: Install your license
    • Using SplunkWeb
    • From the command line
• Install Splunk Toolbar
  • How to Install the Splunk toolbar for Firefox
    • Install from download page
    • Install from Splunk server
    • Uninstall Splunk toolbar
  • How to install the Splunk toolbar for Internet Explorer (beta)
    • Install Internet Explorer toolbar from download page
    • Install toolbar in Internet Explorer
    • Uninstall Internet Explorer toolbar
• Advanced Installation Topics
  • Automated installation
  • Configure Splunk to Start at System Startup
  • Run Splunk as a non-root user
    • Start Splunk as a non-root user
  • License Management
    • Installing or updating a license
  • Uninstall Splunk
    • RedHat Linux
    • Debian Linux
    • Solaris
    • FreeBSD
    • Manual uninstall
• Upgrade Instructions
  • Read this first before upgrading to 3.0.x
    • All bundles, all the time
    • Terminology changes
    • Event typer changes
    • What will be preserved on upgrade
    • Deployment server
    • License changes
  • Upgrading 2.1.x or 2.2.x to 3.0.x
    • Step 1: Administrative preparation
    • Step 2: Install the 3.0.x package and update your database
    • Step 3: Update and restore your configuration files
  • Upgrading to a later 3.0.x maintenance release
    • For rpm, pkg, and deb upgrades
    • For tar upgrades
• Help
  • Getting Help
    • Accessing help in SplunkWeb
    • Accessing help in the command line (CLI)
    • How can I learn more about Splunk's advanced features?
    • I lost my Splunk.com password. What do I do?
    • How do I report problems?
    • How can I make suggestions?
    • I have some questions that aren't answered here. Where can I get help?
  • Installer options
• Reference
  • File Manifest
  • PGP Public Key
    • Installing the key

Run Splunk as a non-root user

Splunk can run as any user on the local system.
If you run Splunk as a non-root user, make sure Splunk has the appropriate permissions to:

• Read the files and directories it is configured to watch
  • Some log files and directories may require root or superuser access to be indexed
• Bind to the network ports it is listening on (ports below 1024 are reserved ports that only root can bind to)
  • UDP port 514 is the port for syslog data
• Execute any scripts configured to work with your alerts or scripted input

Start Splunk as a non-root user

To run Splunk as the splunk user run the command:

sudo -H -u splunk /opt/splunk/bin/splunk start

• If Splunk is installed in an alternate location, update the path in the command accordingly.
• Your system may not have sudo installed. If this is the case, you can use su.
• If you are installing using a tarball and want Splunk to run as a particular user (such as splunk), you must create that user manually.