Re: How to allow non-root user to check the search...

vin02 · ‎08-13-2017

There is a requirement to allow non-root user to query the cluster status by executing clustat command. But the non-root users are not allowed to execute this command. How to implement the same?

koshyk · ‎08-13-2017

What we have done is , on the cluster Master (or server which holds the DMC or Monitoring Console), we have copied the searches and created a new app with such dashboards which are meant for users.

So in step by step
- create an App MY_stats_app
- Put dashboards, searches, useful things into this app
- Create role for such users who need to access this app (eg MY_ROLE_stats)
- Allow access to this app ONLY for the role

This will make your administration/management very flexible and can allow team-leads/groups/users to access this specific app with centralised management (whereby SH cluster status is just one dashboard or panel)

vin02 · ‎08-13-2017

I have created one non root user 'splunk'. What will be the command to check the search head cluster status using splunk user?

koshyk · ‎08-15-2017

the above steps are in Splunk UI. So please log to UI and do the Monitoring Console steps

How to allow non-root user to check the search head cluster status?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

How to allow non-root user to check the search head cluster status?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability