All Apps and Add-ons

How to allow users other than the admin to search the default "os" index for Splunk App for Unix and Linux?

soleblazer
Engager

Hello.

I created a dashboard using some of the data from the Splunk App for Unix. Its in the default index called "os."

I notice that only the admin user of splunk can query info out of that index. Is there something I need to do to allow other users to do that? The issue I have is when I shared the dashboards, nobody can see the data within the panels except the admin user.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You can give users read permission to an index by editing their role (Settings -> Authentication -> Roles). There's two settings, indexes searched by default (what happens when you don't specify index=foo) and indexes searchable.

Out of the box all users can search all non-internal indexes, so they should already be able to search with index=os - if not, add that index to their indexes searchable setting.

0 Karma
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...