I was wondering which is the best practice to follow to not allow everyone to see the Splunk alerts and the Splunk reports.
I created 50 alerts that are running as admin, and they are global. I need them to run on all the data, but I don't want all the users able to see them.
I also created 2 users with restrictions on the access, so that they shouldn't be able to see the alerts and the reports.
Is there a best practice to follow in a situation when you want to limit everyone from seeing the searches?