All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I hide the Splunk DB Connect app from users but give access to commands, connections, lookups etc.?

AlexeyNL
Explorer
‎08-18-2017 01:19 AM

Hello.

I've got some apps that uses dbxlookup command. I dont need users of the apps to see Splunk DB Connect in the list of available apps. On the other hand i can't make DB Connect invisible because I use it for administrative purposes.
If I grant access to users of the custom apps to db_connect_user role and delete read access db_connect_user from DB Connect access list the user of the custom apps got error in the reports:

Search Factory: Unknown search command 'dbxlookup'.

Is it possible hide DbConnect from users of certain apps and stay reports working?

0 Karma
Reply

andrea_o
Explorer
‎09-28-2017 02:25 AM

Since there's no official solution, I share a sub-optimal solution I've come up with.
It applies only to lookups, and is assuming your lookup table doesn't change very often.

As an administrative user, you schedule a search in the form of
|dbxquery ##### | outputcsv lookupname.csv

Then in the filesystem of the search head, you establish a symbolic link between the spooled output file and the dir where lookups tables reside (for security reasons, outputcsv cannot write directly a lookup table, AFAIK)

After doing this, you declare a standard csv lookup pointing to the symlink, and non-privileged users can use the standard
| lookup lookupname.csv
syntax

0 Karma
Reply

andrea_o
Explorer
‎09-27-2017 05:11 AM

ME TOO.

DB connect v1 was poor, but v2 implementation is even worse.

0 Karma
Reply

lfedak_splunk
Splunk Employee
Splunk Employee
‎09-27-2017 11:01 AM

Hi @AlexeyNL, did you figure out a solution for this?

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-28-2017 01:47 AM

Hi @AlexeyNL,

As far as I know when you remove read access of any app, artifacts (like searches, dashboards, macros & commands) will not visible to another role's user. So you can't achieve solution for your problem.

Thanks,
Harshil

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...