Channel: Questions Tagged With user
Viewing all 118 articles

Scripted Auth in 4.3 with User Email

Anyone get Scripted Auth working in 4.3 (or any other version) where the user's email address is populated? I can't find any way to do this in the documentation, but seems necessary because so much of what can be done with Splunk assumes that you have an email address. What makes this much worse is that users who have been populated with Scripted Auth cannot be edited from within the Manager UI, so I am unable to set the users' email addresses manually, as well.

I am currently using PAM auth (by necessity -- don't ask), and I can easily use an algorithm to set the user's email address, if only I knew where. In the past I've used Splunk with AD/LDAP auth and had no trouble with email address population.


How to profile a User?

Hello,

I am looking for ways to profile a user's "typical" account usage. For instance, if a user normally logs in from 8am - 5pm, but then all of a sudden the user starts logging into a system at 12am, that wouldn't be normal in most cases.

Another idea... Logon duration times, multi-machine logins, etc.

Just curious if anyone is doing any user profiling in this manner that's easily duplicated in our environment. We log everything (even process execution).

Thanks

OS and browser extraction from useragent

Hi,

I need to extract OS and browser details from the useragent.

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

I need to capture the Web Browser Version and Operating System Version from each user per visit. Is there any easy way that I can get the info instead of writing a Python script?

User signon issues

So there I was logging onto Splunk-base when do you know what happened? I can only assume my last upvote caused a split in space and time as I've just logged in and something appears to have gone very very wrong...

My user signon is Draineh for the nickname Drainy but clearly this has gone sideways... Halp? Drainy still exists! Do I need to embark on some sort of journey of self-discovery to find myself again? Whatever will happen next?

How does Splunk manage LDAP or AD user-created objects if the user is no longer active?

I've got some users who are no longer around in my Splunk instance and I want to remove the user-created objects. Is there a procedure I can follow for this task?

WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user

I'm getting this warning on my search peers. After some digging around (and trying this on some brand spanking new setups) I found out it has something to do with Splunk calling services/admin/auth-keys and not getting an appropriate response back. But I'm still baffled why. At first I thought I misconfigured something, but after doing a test setup with just one search head and one search peer I get the same issue. This makes me doubt if this is "working as intended" or something else.

Any ideas anyone?

User Controls

I created a dashboard. Two different users will be accessing this dashboard - Admin & User. I need admin alone to use the drilldown functionality, not the user.

How can I configure this?

Session information (USER ID)

I want to have user login information from Splunk (session information).

USER ID, any piece of information, good!

I would like to know if there is a way.

I want to use the information that is obtained from the dashboard.


Can I give user-defined text to the pie graphs?

Hi.

I have plotted a pie graph, say with the values NOT, SOT, ... Now I need to expand these values on the right side of the pie graph so that it makes sense to the user what NOT is, etc.

Something like:

NOT - Notification

I need to add this text beside the pie graph. Is it possible in Splunk? I tried writing the text in the HTML module but it didn't work. Can you please help?

What needs to be done when ldap user is deactivated?

If we have an ldap user that is deactivated, what happens to all of his scheduled searches and other user content like views, tags, field extractions?

Has someone come up with steps or a script to migrate all content for a disabled user to another user?

Track users journeys through an app and map out the pages they view

So I have a bespoke Java app running in Tomcat logging out different events which correlate to different sections of the app. Each different page is logged into a different log file, so I have multiple sources all under one sourcetype. There is a key-value pair field called 'user' on every line which represents the logged-in user's email address.

I'm able to isolate an event in each source which shows the user has visited that page in the app.

I want to be able to create a report and/or visualisation that can show the order in which the users moved around the app at a high level as a Proof of Concept. I need to be able to visualize multiple users and variations in the journey as it's non-linear.

This is a rough version of my query atm.

index=prod user=foo@user.com NOT message="cache"
| dedup _raw,host,_time
| transaction source maxspan=1m
| rex field=source "/var/log/tomcat/(?<page>.*).txt"
| table _time,user,page
| chart count(user) over _time by page
| chart count(userjounrney) over _time by page

Any ideas on how we could visualize this in a way it shows the progression of the pages that a specific user hit at what time?

UPDATE:

I've tried adding this to the end of the search and it visualizes the pages BUT does not show the order or time at which users visited them:

| eval Page = if(page="acs","ACS",if(page="home","Home",if(page="my-bills","My-Bills",if(page="ebill","eBill",if(page="direct-debit","Direct-Debit",if(page="my-apps","My-Apps",if(page="my-profile","My-Profile",if(page="createprofile","Create-Profile",if(page="my-offers","My-Offers",if(page="faults","Service-Status",if(page="trackorder","Track Order",0))))))))))) | chart count over Page by user usenull=f useother=f

Splunk User Activity

I am trying to set up a dashboard to show how much time each user spent using Splunk each week.

Anyone got any suggestions how I can track user activity time in Splunk _Internal or _Audit indexes?

User settings reset after running a saved search

I'm running into an issue where, after running a search in which the users set their preferences for lines per event, results per page, and search time, they'll run a saved search and all of the setting changes they made revert back to what they were prior to making changes (in this case 10 lines per event, x results per page, and the time defaults to ALL TIME). Is there any way to make the users' options persist?

Can a user (non admin) save a global search

Normally, only an admin can save a global search. However, is it possible for a user to save a "non private" search without the actions of an admin? I know that a user can save a search and the admin can make it global, but I would like it to become global immediately. I am assuming this may be done by adding an additional capability to the role "user". If not, I do not mind making a new role for everyone. This new role would be a normal user with the added ability to save searches.

Even better, is it possible for a user to save a search that only his "group" has access to? Maybe have a special role where a user (not an admin) can save a search and everyone in that role can view it?

Installing rpm as different user and not creating splunk user

Is it possible to install the universal forwarder rpm as a different user and not have the rpm create the "splunk" user?


splunk user/ group and ftp issue

Hi,

I have an instance of Splunk installed on a remote Unix server. Splunk runs with user "splunk" which is in group "admin".

When I edit an XML view and save it from the splunkweb interface, the permissions on the file are set to:

-rw------- 1 splunk splunk  5398 2013-04-24 14:34 MyEditedXMLView

which is quite inconvenient, as I also have an sftp service on this server, and develop js/xml in local, and then "commit" the changes on the server, using a user which is also in the admin group.

I would like Splunk to write the file with rw-rw---- splunk admin

so I can access it and modify it using my sftp service.

Is it intentional? Is there a way to get around this?

Guilhem

Limit user to his data only

Hello world!

I have a problem with my Splunk configuration. I have included LDAP authentication in Splunk without any trouble and now I want to limit users to their own data. I have a field named "Owner" which contains the username that I want to compare to the logged-in username. For example, if "verrierj" is logged in, he must have access to his data (where Owner=username) and not to the data that does not concern him. It is for confidentiality purposes.

If you have any track or solution for me... Cordially.

How to get email id from LDAP

On the following page, I can see the list of users in Splunk: /manager/search/authentication/users

I see a field called Email address and we use LDAP authentication. I would like to configure Splunk so that I can see the user's email id auto-populated from AD.

My setting in authentication.conf:

[authentication]
authSettings = AD,AD1
authType = LDAP

Anand

How can I get admin roles back? Fail: Client is not authorized to perform requested action.

Hi Everyone, I am an admin user and admin roles was suddenly, now I am unable to change or access any kind of role. Only the admin user is available in the system. Every time, the following message is displayed: "Fail: Client is not authorized to perform requested action."

Could anyone help me out with this?

Thank you in advance

Regards, Harshal

removing message banners for certain users

Is there a way we can remove the banner messages from certain users or at least anyone that isn't an admin?
