Alerting

What is the best practice for restricting users from seeing Splunk alerts and reports?

Federica_92
Communicator

Hi everyone,

I was wondering which is the best practice to follow to not allow everyone to see the Splunk alerts and the Splunk reports.

I created 50 alerts that are running as admin, and they are global. I need them to run on all the data, but I don't want all the users able to see them.
I also created 2 users with restrictions on the access, so that they shouldn't be able to see the alerts and the reports.

Is there a best practice to follow in a situation when you want to limit everyone from seeing the searches?

0 Karma

asimagu
Builder

Hi mate

According to Splunk, the best practice would be to play with permissions of the knowledge objects and setting up user roles.

http://docs.splunk.com/Documentation/Splunk/6.3.3/Security/SecuringaccessforSplunkknowledgeobjects

0 Karma
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...