User role cannot see lookup tables
Every search that contains a lookup or inputlookup function fails with the message stating that the lookup table is invalid. This appears to happen only for the User role. As Admin I have no problem....
View ArticleHow to show different views by the type of user
Hello everyone: My idea is: There are three types of users, I would like to show different views who the the types of user . Can this do with Splunk?
View Articlemapping users to role
Hi, I have created LDAP configuration in our SPLUNK deployment.Version 6.0DO NOT EDIT THIS FILE!Please make all changes to files in $SPLUNK_HOME/etc/system/local.To make changes, copy the...
View ArticleMoving ldap users to local
How would you move all the current ldap users information, user roles, password, etc and create a local account for them instead?
View ArticleSplunk user access
Hello Everyone,I have a situation , I have one app which has 10 dashboards, out of these 10 dashboards 5 are for Finance 2 for Wintel and 3 for network team.Client asks me to provide access to only...
View ArticleGet the list of Users from the below message in a Log file
In the below log file: the users are JACK, ROGERI used something like this: source="/var/log/splunk/splunkcloud/" message=User*I need to just get the User from the below message string.{[-] app :...
View ArticleDisk usage quota (user-level) has been reached: How can I monitor?
We've all seen this message. Disk usage quota (user-level) has been reached. usage=540MB quota=500MB. Then after a while the user concurrent search quota error will hit due to queuing. Then their other...
View ArticleNew User Welcome Email
When I am creating a new user, is there a way to 1) Send him a welcome email through splunk? 2) Force him to change his password the first time he logs in (much list the admin user must do on the...
View ArticleTemporary user access
I have a team of users who only need brief access to my splunk environment. Is there a way to take either a user or a role, and apply them, say for 30 day's, and then the accounts are disabled / deleted?
View ArticleUser audit report
Hello, I am enhancing an existing Splunk instance and I want to build or find a report that will tell me who accessed the system and when, and what searches or reports they ran. Is there a canned...
View Articleuser role and permission
We have multiple department and its data indexed into splunk indexer, how can we define roles / permission to access their specific department content / search / indexes / sourcetype. if a user "A",...
View ArticleConcurrent searches in Splunk (System wide & user specific)
I do have Search head with 16 cores & 2Gb RAM Memory , using Splunk 5.x As , per the calculation for Concurrent search , My system wide Concurrent search is 22max_hist_searches =...
View ArticleIndex Access
Hi,I want to give access to my splunk customers users acccess to only specific imndexes and not main indexes.I also want to restrict that they search on that specific index and not main index, so if i...
View ArticleWhat happens when a user is found that is not in identities.csv?
In relation to Splunk for PCI Compliance, what happens when Splunk finds a user in the events which is not listed in identities.csv? Is this user auto-categorized as "unknown user" or something similar?
View ArticleCreated user not visible on GUI
After creating an user through the ruby SDK, i am able to list it down on terminal using Ruby SDK, but the user is not shown on the Splunk GUI when logged in via admin.
View ArticleFind user that ran a specific dbquery
I need to find which user ran a specific dbquery such as 'select * from table1'. Can someone tell me how to search splunk for this?Thanks, j
View ArticleHow to restrict visualization of triggered alerts to a specific user group?
Hello all,In the triggered alert section, is there a way to restrict users in a specific group from seeing triggered alerts from another user group?I am working with a customer who is reporting that a...
View Articlesplunk 6.1.X boot-start: running with group root (CentOS 6.5) - how force...
hi!Since splunk 6.1.1 we encounter a problem because boot-start creates an init-script which causes the splunk process to run as user splunk - but group 0 (root) - but the files to be indexed are only...
View Articlepython sdk raises keyerror while listing roles of user
Following this example to list user and display properties from here: http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#listusers ends up in the following error:Users: Administrator (admin) Traceback...
View ArticleSplunk installed failed to create splunk account on RHEL
Dear experts, I installed splunk on the rhel servers. Majority of the time it works fine. But for this one server, when I tried to change ownership of a directory, chown -R splunk:splunk...
View ArticleIdentify User Logged Out From Inactivity
Hi all, we are looking at Splunk as a potential source to identify users that have long periods of inactivity. If there is no formal "logged out" or "timed out" message to queue on in the logs, would...
View ArticleIs there any provision for an app to store its own user preferences?
We'd like to be able to store user preferences for one of our apps. There is already a $SPLUNK_HOME/etc/users directory for each user, and it looks like some app-specific info already gets stored there...
View ArticleSplunk user roles
Dear All,Can anyone Guide me in understanding the functionality of Splunk Users. when we define users in splunk we can assign 5 roles1) Admin2)user3)can_delete4) power5)Splunk-System-RoleCan anyone...
View ArticleShould we run Splunk as root or non-root user?
Should we run Splunk as root or non-root user? Which way is better?Thanks -Ha
View ArticlePython SDK: How to create a user that can only write to specific indexes?
Hi,I am working with code that sends data to Splunk indexes via the Python SDK (splunklib.client). I want to create a custom user for the purpose of this code. That is, a user who's privileges are...
View ArticleQuestion for new user
I am new user to Splunk and having difficulty understanding how to use it. I have some questions to start with. Please answer it, so that my use of Splunk can be easy1) Does Splunk need to be installed...
View ArticleHow to run DB Connect as Splunk local user?
All,I want to set up a db connection via Splunk DB Connect to a database. We've given the main Splunk local user (i.e. the user name that owns the Splunk processes) access to the database.There doesn't...
View ArticleIs there a file to work with to create a batch report to send to each user?
I have a large pool of users and would like to send each of them a report on how many items they completed that day. I would prefer not to manually create a report for each user since each report will...
View ArticleHow to search the number of distinct users by index over the past 3 months?
I am in need of a search that will display the number of Distinct users by index over the past 3 months. I have created the following search and run it over a 3month time span but I am wondering if...
View Article