What happens when a user is found that is not in identities.csv?
In relation to Splunk for PCI Compliance, what happens when Splunk finds a user in the events which is not listed in identities.csv? Is this user auto-categorized as "unknown user" or something similar?
Created user not visible on GUI
After creating a user through the Ruby SDK, I am able to list it down on the terminal using the Ruby SDK, but the user is not shown on the Splunk GUI when logged in via admin.
Find user that ran a specific dbquery
I need to find which user ran a specific dbquery such as 'select * from table1'. Can someone tell me how to search Splunk for this? Thanks, j
How to restrict visualization of triggered alerts to a specific user group?
Hello all, In the triggered alert section, is there a way to restrict users in a specific group from seeing triggered alerts from another user group? I am working with a customer who is reporting that a...
Splunk 6.1.X boot-start: running with group root (CentOS 6.5) - how force...
Hi! Since Splunk 6.1.1 we encounter a problem because boot-start creates an init-script which causes the Splunk process to run as user splunk - but group 0 (root) - but the files to be indexed are only...
Python SDK raises KeyError while listing roles of user
Following this example to list user and display properties from here: http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#listusers ends up in the following error: Users: Administrator (admin) Traceback...
Splunk installed failed to create splunk account on RHEL
Dear experts, I installed Splunk on the RHEL servers. Majority of the time it works fine. But for this one server, when I tried to change ownership of a directory, chown -R splunk:splunk...
Do we need to run Splunk as root or non root user?
Do we need to run Splunk as non root user? Root or non root? Which way is better? Thanks -Ha
Identify User Logged Out From Inactivity
Hi all, we are looking at Splunk as a potential source to identify users that have long periods of inactivity. If there is no formal "logged out" or "timed out" message to queue on in the logs, would...
Is there any provision for an app to store its own user preferences?
We'd like to be able to store user preferences for one of our apps. There is already a $SPLUNK_HOME/etc/users directory for each user, and it looks like some app-specific info already gets stored there...
Splunk user roles
Dear All, Can anyone guide me in understanding the functionality of Splunk users? When we define users in Splunk we can assign 5 roles: 1) Admin 2) user 3) can_delete 4) power 5) Splunk-System-Role Can anyone...
Should we run Splunk as root or non-root user?
Should we run Splunk as root or non-root user? Which way is better? Thanks -Ha
Python SDK: How to create a user that can only write to specific indexes?
Hi, I am working with code that sends data to Splunk indexes via the Python SDK (splunklib.client). I want to create a custom user for the purpose of this code. That is, a user whose privileges are...
Question for new user
I am a new user to Splunk and having difficulty understanding how to use it. I have some questions to start with. Please answer it, so that my use of Splunk can be easy. 1) Does Splunk need to be installed...
How to run DB Connect as Splunk local user?
All, I want to set up a db connection via Splunk DB Connect to a database. We've given the main Splunk local user (i.e. the user name that owns the Splunk processes) access to the database. There doesn't...
Is there a file to work with to create a batch report to send to each user?
I have a large pool of users and would like to send each of them a report on how many items they completed that day. I would prefer not to manually create a report for each user since each report will...
How to search the number of distinct users by index over the past 3 months?
I am in need of a search that will display the number of distinct users by index over the past 3 months. I have created the following search and run it over a 3-month time span but I am wondering if...