- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: In the Cisco Networks App for Splunk Enterpris...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the Cisco Networks App for Splunk Enterprise app how to give access to different groups and not have them see the others devices?
Hi
This is our issue :
We have two different groups : Datacenter and Backbone and each have their own cisco devices and they are sending their syslog to splunk. We decided to differentiate the log like this : Datacenter sends the log to UDP 514 and Backbone sends it to UDP 515 and each group has their own index and the logs of these groups will reside in different indexes.
Now the problem is the Cisco App that I found in splunk base. This is a great app and we want to use this for these two groups and access them to monitor their devices without access to other group devices.
How can we do this (two different groups and two different indexes)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try to map each source (source="udp:514" & source="udp:515") with different index and set the permissions to respective groups. Ensure to update the index field on all the dashboard/reports/alert etc.. on the app.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can in fact do this with the app if you use the companion "multi tenancy" add-on. It comes with a charge. Let me know if you are interested. The add-on will let you define a set of indexes per Splunk role and change views depending on your permissions (honoring the indexes you are allowed to see)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You have to check it, the app seems not to use certain index names but only the sourcetypes cisco:ios and Cisco:SmartCallHome. So if you set the permissions so each group of users only sees 'their' index, it should work as you need it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
which one of the 57 Cisco apps are you using?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry !
this app :
https://splunkbase.splunk.com/app/1352/
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
New in Observability Cloud - Explicit Bucket Histograms
