All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Windows Infrastructure: How to add the winfra-admin role to a user in a search head clustering environment?

tkwaller
Builder
‎05-05-2016 05:55 AM

I've been setting up the Splunk for Windows Infrastructure app on my search head cluster. In the instructions it says to add the winfra-admin role to a user. In authorize.conf in $SPLUNK_HOME/etc/system/local I have this:

[role_admin]
importRoles = power;user;winfra-admin
schedule_rtsearch = disabled
srchMaxTime = 8640000

but when I go to Splunk and try to run the setup it still says :

Users and/or groups configured with the winfra-admin user role:
No users or groups with winfra-admin user role detected.

Am I configuring this in the wrong spot?

I would configure this in the GUI, but if clustering is enabled, then changes made via re-enabled menus aren't replicated. So how would I configure this then?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

tkwaller
Builder
‎05-05-2016 07:12 AM

I think I should be able to fix this by running:
"./splunk edit user admin -role admin -role winfra-admin"

Anyone know if this is still the proper procedure?
Would this have to be done on each search head cluster member or will it replicate?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

wild0104
Explorer
‎07-19-2016 01:27 PM

Couple questions:

1) Are you using LDAP for authentication?
2) Are you using a deployment server to manage your distributed environment?

We are using both of the above so I just added an line in the roleMap stanza of the authentication.conf being pushed to all our search heads in the cluster and mapped the winfra-admin group to an existing AD group used in our Splunk deployment.

I think you could also do this via the deployer for your sh cluster by creating an "app" in the %SPLUNK INSTALL%\etc\shcluster\apps that would push the authentication.conf with your roleMap out to the members of your sh cluster.

Hope that helps!

0 Karma
Reply
Solved! Jump to solution
Solution

tkwaller
Builder
‎05-05-2016 07:12 AM

I think I should be able to fix this by running:
"./splunk edit user admin -role admin -role winfra-admin"

Anyone know if this is still the proper procedure?
Would this have to be done on each search head cluster member or will it replicate?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Top