Channel: Questions Tagged With user
Viewing all 118 articles

What happens when a user is found that is not in identities.csv?

In relation to Splunk for PCI Compliance, what happens when Splunk finds a user in the events which is not listed in identities.csv? Is this user auto-categorized as "unknown user" or something similar?


Created user not visible on GUI

After creating a user through the Ruby SDK, I am able to list it in the terminal using the Ruby SDK, but the user is not shown in the Splunk GUI when logged in as admin.

Splunk forwarder

Does the app use the Splunk forwarder?

Find user that ran a specific dbquery

I need to find which user ran a specific dbquery such as 'select * from table1'. Can someone tell me how to search Splunk for this?

Thanks, j

How to restrict visualization of triggered alerts to a specific user group?

Hello all,

In the triggered alert section, is there a way to restrict users in a specific group from seeing triggered alerts from another user group?

I am working with a customer who is reporting that a specific user can visualize alerts from users in groups other than his.

Is there a way to prevent this kind of situation?

Thanks-

Splunk 6.1.X boot-start: running with group root (CentOS 6.5) - how to force another group?

Hi!

Since Splunk 6.1.1 we encounter a problem because boot-start creates an init script which causes the Splunk process to run as user splunk but group 0 (root), while the files to be indexed are only available to the group splunk.

Is there a way to force the Splunk process to run as splunk:splunk?

something like

SPLUNK_OS_GROUP=splunk

(which doesn't work) in etc/splunk-launch.conf ?

regards,

philipp

Python SDK raises KeyError while listing roles of user

Following this example to list users and display properties from here: http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#listusers ends up in the following error:

Users:
Administrator (admin)
Traceback (most recent call last):
  File "splunk.py", line 16, in <module>
    for role in user.role_entities:
  File "/usr/lib/python2.6/site-packages/splunklib/client.py", line 3054, in role_entities
    return [self.service.roles[name] for name in self.content.roles]
  File "/usr/lib/python2.6/site-packages/splunklib/client.py", line 3195, in __getitem__
    return Collection.__getitem__(self, key.lower())
  File "/usr/lib/python2.6/site-packages/splunklib/client.py", line 1163, in __getitem__
    raise KeyError(key)
KeyError: 'admin'

shell returned 1

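Copied and used the code snippet from the above link, and logged in as admin using the following:

# SDK client module, aliased to match the connect() call below
import splunklib.client as splunkclient

service = splunkclient.connect(host='sh1.hostname',
                     port=8089,
                     username='admin',
                     password='adminpassword')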

# Get the collection of users, sorted by realname
kwargs = {"sort_key":"realname", "sort_dir":"desc"}
users = service.users.list(count=-1,**kwargs)

# Print the users' real names, usernames, and roles
print "Users:"
for user in users:
    print "%s (%s)" % (user.realname, user.name)
    for role in user.role_entities:
        print " - ", role.name

Using Splunk 6, Python SDK 1.0.0. Can someone please help to overcome this issue?

Splunk install failed to create splunk account on RHEL

Dear experts, I installed Splunk on the RHEL servers. The majority of the time it works fine. But for this one server, when I tried to change ownership of a directory,

chown -R splunk:splunk ./***deploymentclient/

it says

chown: invalid user: `splunk:splunk'

Can someone please tell me why the Splunk install failed to create a splunk account on the machine?

And how do I resolve this? Is it a simple useradd, etc.?

Thanks,


Do we need to run Splunk as root or non root user?

Do we need to run Splunk as non root user? Root or non root? Which way is better?

Thanks -Ha

Identify User Logged Out From Inactivity

Hi all, we are looking at Splunk as a potential source to identify users that have long periods of inactivity. If there is no formal "logged out" or "timed out" message to cue on in the logs, would there be some way to determine time between last activity and then after a specified period of inactivity, the user is considered "logged out by inactivity" and added to a report that will be sent daily? Is this within Splunk's capabilities? If so, would this require any special scripting beyond a complex search?

I know this is pretty vague and I don't have a lot of specifics yet, but just wanted to throw it out and get some initial feedback. I'll provide updates as things progress.

Thanks

Is there any provision for an app to store its own user preferences?

We'd like to be able to store user preferences for one of our apps. There is already a $SPLUNK_HOME/etc/users directory for each user, and it looks like some app-specific info already gets stored there (e.g. $SPLUNK_HOME/etc/users/me/myapp/local/ui-prefs.conf). However, everything that I've seen in the etc/users directory is managed by Splunk itself. Is there any provision for an app to store its own user preferences? If so, is there an example somewhere of how that would be done?

Thanks! Steve

Splunk user roles

Dear All,

Can anyone guide me in understanding the functionality of Splunk users? When we define users in Splunk we can assign 5 roles:

1) Admin
2) user
3) can_delete
4) power
5) Splunk-System-Role

Can anyone tell me what the functionality of these roles is?

Thanks

Gajnan Hiroji

Should we run Splunk as root or non-root user?

Should we run Splunk as root or non-root user? Which way is better?

Thanks -Ha

Python SDK: How to create a user that can only write to specific indexes?

Hi,

I am working with code that sends data to Splunk indexes via the Python SDK (splunklib.client). I want to create a custom user for the purpose of this code. That is, a user whose privileges are strictly that of writing data into a small number of indexes and be otherwise restricted from writing elsewhere.

I currently have a user with just the capability 'edit_tcp' and the 4 indexes I want specified for search capability, but this does not seem to restrict the write capability when using the .send() Python function.

Any help would be appreciated, thanks.

Question for new user

I am a new user of Splunk and am having difficulty understanding how to use it. I have some questions to start with. Please answer them, so that my use of Splunk can be easy.

1) Does Splunk need to be installed on every server whose log files are to be searched?
2) If I install Splunk on my laptop, how do I specify files to be indexed and what fields to be indexed? Does every file that needs to be indexed need to be specified in Splunk?
3) If I have installed Splunk on 6 servers, how can I link all these instances for viewing? E.g. I have installed Splunk on 3 servers and then I install it on a 4th server; how do I add this 4th server in the UI to make it available for viewing?
4) Do I need to specify which event to index from a file?

Are all these things for a user OR Administrator OR developer?

What language knowledge does a Splunk developer need?

Does a Splunk Administrator need knowledge of the operating system only OR does he need anything more than that?

Thanks


How to run DB Connect as Splunk local user?

All,

I want to set up a db connection via Splunk DB Connect to a database. We've given the main Splunk local user (i.e. the user name that owns the Splunk processes) access to the database.

There doesn't appear to be an option in DB Connect to just run as the default Splunk user though. I'm forced to supply some username/password to log into the database. Is there a way to get Splunk DB connect to just run as the Splunk local user?

Thanks!

Is there a file to work with to create a batch report to send to each user?

I have a large pool of users and would like to send each of them a report on how many items they completed that day. I would prefer not to manually create a report for each user since each report will only differ by username and email. Is there a file I can work with to get this done?

How to search the number of distinct users by index over the past 3 months?

I am in need of a search that will display the number of distinct users by index over the past 3 months. I have created the following search and run it over a 3-month time span, but I am wondering if this is the correct approach.

index=_audit NOT user="n/a" NOT user="splunk-system-user" action="search" info="granted" "search index=indexname" | timechart span=1mon count(_raw) by user

Please advise. Thanks in advance.
