All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to achieve Multi Tenancy in Splunk UBA and Splunk ES

ashishmaind2499
New Member
‎08-28-2019 11:00 PM

How to achieve multi-tenancy in Splunk UBA and ES?

0 Karma
Reply

cmeisch
Path Finder
‎08-06-2021 09:38 AM

Bringing this back to life:

1) It looks like with ES 6.4, Splunk brought the solution of Entity Zones.   I personally have not played with it yet but will be very soon.  https://docs.splunk.com/Documentation/ES/6.6.0/Admin/Entityzones

So at first glance this looks like the solution if you are just playing with ES.  Now we bring in the big wrench like UBA.  I have not found yet a solution to have multiple tenants going into one UBA.  You will have ip overlap issue... 

Has anyone have more to add to this and\or do we know if there is a solution or one coming down the pipe?

0 Karma
Reply

starcher
Influencer
‎08-29-2019 05:53 AM

There is no multi-tenancy in ES.

0 Karma
Reply

ashishmaind2499
New Member
‎08-29-2019 10:01 PM

@starcher then any workaround to achieve this? Can we edit ES searches and keep separate index per customer and restrict data access using user roles?

0 Karma
Reply

starcher
Influencer
‎08-30-2019 06:10 AM

No there is no easy way to create borders in ES. Hence there not being multi tenant already. I don't know UBA. You should ask your sales rep and they can arrange more specific calls with appropriate Splunk product specialists.

0 Karma
Reply

ashishmaind2499
New Member
‎08-29-2019 10:02 PM

Also how the case differs with UBA?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...