topic Re: Prevent access to Splunk Web GUI in Security

Prevent access to Splunk Web GUI

jamesklassen — Fri, 27 Apr 2012 15:19:14 GMT

Is there a way to prevent users from accessesing Splunk Web, while still retaining the ability to run searches?

I am using the Splunk Powershell reskit to develop an application that grabs data from Splunk using Powershell...but I don't want these users to be able to access Splunk Web.

Re: Prevent access to Splunk Web GUI

Lowell — Fri, 27 Apr 2012 15:46:49 GMT

I suppose that simply shutting down splunkweb isn't the option you're looking for?

Re: Prevent access to Splunk Web GUI

jamesklassen — Fri, 27 Apr 2012 18:35:29 GMT

Nope. Me and the other admins need to access splunkweb, the support group that I'm providing this access to should not

Re: Prevent access to Splunk Web GUI

araitz — Fri, 27 Apr 2012 18:48:39 GMT

Run it only on loopback and access it via ssh port forwarding, RDP, or similar.

Re: Prevent access to Splunk Web GUI

sowings — Fri, 27 Apr 2012 19:00:18 GMT

You could set their default application to one which you create with an empty view.

Re: Prevent access to Splunk Web GUI

jamesklassen — Fri, 27 Apr 2012 20:31:22 GMT

Great idea, thanks!

Re: Prevent access to Splunk Web GUI

sloshburch — Mon, 28 Apr 2014 19:52:30 GMT

But wouldn't they still be able to just change apps?

Re: Prevent access to Splunk Web GUI

sowings — Tue, 29 Apr 2014 13:56:29 GMT

Well yes, but the wider point here is that you'd have to tune the role (and I do recommend creating a separate role for them) for those users to only be able to see the content you want them to see.