All Apps and Add-ons

500 Internal Server Error with EMC Isilon Add-on for Splunk Enterprise. What user account and group configuration is required?

hmatthews_splun
Splunk Employee
Splunk Employee

Hi,

The Isilon account configured within the Isilon TA was generating a “..403 …Forbidden..” error and since adding the account to the audit:admin group, it's now erroring with "500 Internal Server Error".

Please can you advise what user account and group configuration is required within the Isilon config?

Thank you.

0 Karma

gorla
New Member

Hello Folks,

Good day!

We are in similar situation. The account with above privileges able to pull the audit logs from Isilon? Please confirm.

Must appreciated your help. Thanks

0 Karma

pdoconnell
Path Finder

This is what we currently have configured for our user:

Privileges                  Read/write access 
ISI_PRIV_LOGIN_CONSOLE      N/A 
ISI_PRIV_LOGIN_PAPI             N/A 
ISI_PRIV_LOGIN_SSH          N/A 
ISI_PRIV_ANTIVIRUS          Read-only 
ISI_PRIV_AUDIT              Read-only 
ISI_PRIV_CLUSTER            Read-only 
ISI_PRIV_DEVICES                Read-only 
ISI_PRIV_EVENT              Read-only 
ISI_PRIV_FTP                    Read-only 
ISI_PRIV_HDFS               Read-only 
ISI_PRIV_HTTP               Read-only 
ISI_PRIV_ISCSI              Read-only 
ISI_PRIV_JOB_ENGINE             Read-only 
ISI_PRIV_LICENSE                Read-only 
SI_PRIV_NDMP                Read-only 
ISI_PRIV_NETWORK            Read-only 
ISI_PRIV_NFS                    Read-only 
ISI_PRIV_NTP                Read-only 
ISI_PRIV_QUOTA              Read-only 
ISI_PRIV_REMOTE_SUPPORT     Read-only 
ISI_PRIV_SMARTPOOLS         Read-only 
ISI_PRIV_SMB                Read-only 
ISI_PRIV_SNAPSHOT           Read-only 
ISI_PRIV_STATISTICS             Read-only 
ISI_PRIV_SYNCIQ                 Read-only 
ISI_PRIV_VCENTER            Read-only 
ISI_PRIV_WORM               Read-only 
0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...