Splunk App for Windows Infrastructure: How to add the winfra-admin role to a user in a search head clustering environment?

tkwaller
Builder

I've been setting up the Splunk for Windows Infrastructure app on my search head cluster. In the instructions it says to add the winfra-admin role to a user. In authorize.conf in $SPLUNK_HOME/etc/system/local I have this:

[role_admin]
importRoles = power;user;winfra-admin
schedule_rtsearch = disabled
srchMaxTime = 8640000

but when I go to Splunk and try to run the setup it still says:

Users and/or groups configured with the winfra-admin user role:
No users or groups with winfra-admin user role detected.

Am I configuring this in the wrong spot?

I would configure this in the GUI, but if clustering is enabled, then changes made via re-enabled menus aren't replicated. So how would I configure this then?

0 Karma
1 Solution

tkwaller
Builder

I think I should be able to fix this by running:
"./splunk edit user admin -role admin -role winfra-admin"

Anyone know if this is still the proper procedure?
Would this have to be done on each search head cluster member or will it replicate?

0 Karma

wild0104
Explorer

Couple questions:

1) Are you using LDAP for authentication?
2) Are you using a deployment server to manage your distributed environment?

We are using both of the above so I just added a line in the roleMap stanza of the authentication.conf being pushed to all our search heads in the cluster and mapped the winfra-admin group to an existing AD group used in our Splunk deployment.

I think you could also do this via the deployer for your sh cluster by creating an "app" in the %SPLUNK INSTALL%\etc\shcluster\apps that would push the authentication.conf with your roleMap out to the members of your sh cluster.

Hope that helps!

0 Karma
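
Added example, not part of the thread and not Splunk's own tooling: a small audit of the two conf files discussed above that lists which LDAP groups are mapped directly to winfra-admin in a roleMap stanza and which roles only inherit it through importRoles. It assumes that importRoles makes a role inherit from the listed roles without assigning that role to any user, and that roleMap values are semicolon-separated group names; the strategy name corp_ldap and the AD group names are constructed.

```python
import configparser

# Constructed sample files: the strategy name and AD group names are made up.
AUTHORIZE_CONF = """
[role_admin]
importRoles = power;user;winfra-admin

[role_winfra-admin]
importRoles = user
"""
AUTHENTICATION_CONF = """
[roleMap_corp_ldap]
admin = Splunk-Admins
winfra-admin = Splunk-Windows-Team;Splunk-Admins
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the .conf file
    cp.read_string(text)
    return cp

def _split(value):
    return [v.strip() for v in value.split(";") if v.strip()]

def direct_groups(authentication_text, role="winfra-admin"):
    """LDAP groups mapped straight to `role` in any [roleMap_*] stanza."""
    cp, groups = _parse(authentication_text), set()
    for section in cp.sections():
        if section.startswith("roleMap_") and cp.has_option(section, role):
            groups.update(_split(cp.get(section, role)))
    return groups

def inheriting_roles(authorize_text, role="winfra-admin"):
    """Roles that pull in `role` through importRoles, directly or transitively."""
    cp = _parse(authorize_text)
    imports = {s[5:]: set(_split(cp.get(s, "importRoles", fallback="")))
               for s in cp.sections() if s.startswith("role_")}
    found, grew = set(), True
    while grew:  # fixed point over the import graph
        grew = False
        for name, imported in imports.items():
            if name not in found and (role in imported or found & imported):
                found.add(name)
                grew = True
    return found

if __name__ == "__main__":
    print(sorted(direct_groups(AUTHENTICATION_CONF)), sorted(inheriting_roles(AUTHORIZE_CONF)))
```

An empty result from direct_groups together with a non-empty result from inheriting_roles matches the situation in the question: the role is imported by admin but mapped to no group.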
