diff --git a/packer/ansible/roles/linux_universal_forwarder/tasks/install_universal_forwarder.yml b/packer/ansible/roles/linux_universal_forwarder/tasks/install_universal_forwarder.yml
index 2ef4862f..916006fb 100644
--- a/packer/ansible/roles/linux_universal_forwarder/tasks/install_universal_forwarder.yml
+++ b/packer/ansible/roles/linux_universal_forwarder/tasks/install_universal_forwarder.yml
@@ -45,6 +45,12 @@
 - name: setup to start at boot
   become: true
   command: "/opt/splunkforwarder/bin/splunk enable boot-start -user splunk"
+  
+- name: Add splunk user to systemd-journal group
+  user:
+    name: splunk
+    groups: systemd-journal
+    append: yes
 
 - name: Start splunk uf
   become: true