Report search / indexer storage quota
After experiencing our own version of user quota issues addressed in other questions, I want to execute a search in Splunk forhow much space is used by (a given set of) userswhat are those users'...
View ArticlePrevent Alerts From Running a Script
Is there a way to create a user role that can create alerts that can be mailed to an inbox but not have the ability trigger a script? I am looking in to creating a script that sends SNMP traps to an...
View ArticleIs it possible to Monitor Splunk User activity?
Is it possible to Monitor Spunk User activity of users using Splunk, based on Splunk internal Logs?If so What would be the best place to start monitoring?, if there was an already built Splunk App for...
View Articlesearch for Count of users per minute for a hour
user activities are captured in _audit index. Using this i would like to see how many users are active on a given minute for an hour. I tried thisindex=_audit | dedup user | timechart span = "1m"...
View ArticleHow to add the user who is performing a search as an event field
We use some lookup tables to whitelist and blacklist events by src_ip. I've created a view that allows a user to input a src_ip and have that added to the lookup table. The search looks...
View ArticleWhat Does This Message Mean - UserManagerPro - Unable to get authentication...
I am setting up a new Search Head server. Everything (almost) seems to be working OK so far but I see this message appearing in the splunkd.log for both of my Indexer Servers:UserManagerPro - Unable to...
View ArticleUser Permissions
Tom has "POWER" ROLE that inherits "USER" Role and has more capabilities. Tom creates dashboard "Dash1" Tom wants to share Read access to ROLE "TOM-TEAM-ROLE". Tom is not able to see "permissions" link...
View ArticleRole capabilities
All, Is it possible to give certain roles the ability to control users. I do not want to give this role admin rights, but I want them to add users. I have tried the capabilities of "edit_user" and...
View Articlerole permission
I create a role [role_mmuser]admin_all_objects = enabled change_authentication = enabled edit_deployment_client = enabled list_deployment_client = enabled edit_deployment_server = enabled...
View ArticleWhy should i run reload auth every time i add users (LDAP enabled)
We are having LDAP enabled for user management. I add user id in authentication.conf. then run the command splunk reload deploy-server. This command pushes authentication.conf to all pooled Search...
View Articlehow can I disable "View results" for user
I did not hope user group to do the "View results" action in dashboard,how can I make it ? Thank you !
View Articleuser addition issue
I add users in authentication.conf. I push them to SH. The updated file resides on .../primary/.. But when i reload (which i have to do for some reason), a new copy of authentication.conf is...
View ArticleWhat Capabilities do I need to enable so a user can change sharing permission...
What Capabilities do I need to enable so a user can change sharing permission on their searches?
View ArticleHow to configure syslogd under OSX to send all user logon events via AFS and...
Hi, new here and to splunk - i'm hoping to use splunk to help audit security events under OS X server (running 10.7.4) for both Apple File Server events and SMB server events.I've got splunk running...
View ArticleAccess denied for user: '@domain'
I have configured connection to my Mysql database, but I cannot access to it when I click "Explore your MySQL databases. Below is my configuration which is standard and simple. [database-server.domain]...
View ArticleHow to setup a load balancer for search heads.
How to setup a load balancer between search head and users ? I do have a VIP address with a stick protocol enabled on two ports.
View ArticleScripted Auth in 4.3 with User Email
Anyone get Scripted Auth working in 4.3 (or any other version) where the user's email address is populated? I can't find any way to do this in the documentation, but seems necessary because so much of...
View ArticleHow to profile a User?
Hello,I am looking for ways to profile a user's "typical" account usage. For instance, if a user normally logs in from 8am - 5pm, but then all the sudden the user starts logging into a system at 12am...
View ArticleOS and browser extraction from useragent
Hi, I need to extract OS and browser details from useragent. Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR...
View ArticleClik here to view.
User signon issues
So there I was logging onto Splunk-base when do you know what happened? I can only assume my last upvote caused a split in space and time as I've just logged in and something appears to have gone very...
View Article