This is an enhancement request.
As part of Splunk Enterprise best practices Splunk should run as 'non-root user'. See official splunk documentation http://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/RunSplunkasadifferentornon-rootuser

Code involved: ~/puppet-splunk/manifests/params.pp

 } else {
    $forwarder_dir = pick($forwarder_installdir, '/opt/splunkforwarder')
    $server_dir    = pick($server_installdir, '/opt/splunk')
    $splunk_user   = 'root'
  }

What are you seeing

splunk runs as "root" user by default. Which is against splunk best practices.

What behaviour did you expect instead

The module should create a non-root user (i.e "splunk" user) and run splunk as it.