All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How do I create the winfra-admin role?

rmanni
New Member
‎08-23-2017 10:55 AM

I am in the midst of deploying the Windows apps to monitor our AD environment, when I go to setup the Infrastructure app on our search head, I get the following error:

Users and/or groups configured with the winfra-admin user role:
No users or groups with winfra-admin user role detected.
Assign the winfra-admin user role via Splunk Settings >> Access Controls

However, I do not see a winfra-admin role when I go to assign that to a user/group? So is there a specific method to create this role given that it was not created when the app was deployed?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎08-23-2017 11:48 AM

Referencing this doc for the Windows Infrastructure app, it explains where different components are to be installed:

For the Search Head you will see it requires "Splunk App for Windows Infrastructure". In the base app, under default, there is a authorize.conf with the new role. Did you deploy the app to the Search Head? If so, when you browse to the $SPLUNK_HOME/etc/apps/splunk_app_windows_infrastructure/default/ directory, do you see an authorize.conf file?

Jacob
Sr. Technical Support Engineer

View solution in original post

Reply
Solved! Jump to solution
Solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎08-23-2017 11:48 AM

Referencing this doc for the Windows Infrastructure app, it explains where different components are to be installed:

For the Search Head you will see it requires "Splunk App for Windows Infrastructure". In the base app, under default, there is a authorize.conf with the new role. Did you deploy the app to the Search Head? If so, when you browse to the $SPLUNK_HOME/etc/apps/splunk_app_windows_infrastructure/default/ directory, do you see an authorize.conf file?

Jacob
Sr. Technical Support Engineer
Reply
Solved! Jump to solution

rmanni
New Member
‎08-23-2017 12:53 PM

Thanks, that is the guide I have been following so far. The authorize.conf file is in the default directory. Do I need to copy it to local?

0 Karma
Reply
Solved! Jump to solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎08-23-2017 12:59 PM

No you shouldn't need to copy it to local. Have you restarted Splunk on the SH since installing the APP? If so, you can look at btool to see if something is taking a higher precedence.

From $SPLUNK_HOME/bin/

./splunk btool authorize list --debug

Do you see the settings?

Jacob
Sr. Technical Support Engineer
0 Karma
Reply
Solved! Jump to solution

rmanni
New Member
‎08-23-2017 01:07 PM

Thank you - I did not restart the Splunk service after deploying the app from our deployment server. The winfra-admin and windows-admin roles both show up now.

0 Karma
Reply
Solved! Jump to solution

jcrabb_splunk
Splunk Employee
Splunk Employee
‎08-23-2017 01:09 PM

Glad its working for you. 🙂

Jacob
Sr. Technical Support Engineer
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...