Hello All!
I need to restrict specific index/indexes in Windows App
I able to do it with specific indexes after i set restrictions in authorize.conf
what file do i have to modify to accomplish it?
Tnx
Vadim
Not very clear on the question, however in authorize.conf we have few parameter to restrict the index from viewing for specific roles. You can actually refer below doc for more information.
https://docs.splunk.com/Documentation/Splunk/7.2.5/Security/Addandeditroleswithauthorizeconf#Search_... and also, you can refer below splunk answer for reference.
https://answers.splunk.com/answers/672165/how-to-build-a-srchfilter-when-two-indexes-are-all.html
authorize.conf it is. what is the question again?