Same SPL result is different by user A and admin
SPL-> index=xxx
when I do search with userA's userid
"interesting fields" when searching with userA's ID and the results when searching with admin are different
so I was create new userID -> userB and assigned same role as userA
userB's search result is exactly the same result as admin
how to fix userA's search result problem?
admin result
UserA result
I was look up field1 value.
field1 is dst_ip
Users can create private knowledge objects for parsing events. If so, it would only impact that user.
Via the UI, you can look for private objects (field extrations, sourcetype renames, etc..) owned by userA:
Settings -> All Configuraitons
Or check the config files in their user directory $SPLUNK_HOME/etc/users/userA
Users can create private knowledge objects for parsing events. If so, it would only impact that user.
Via the UI, you can look for private objects (field extrations, sourcetype renames, etc..) owned by userA:
Settings -> All Configuraitons
Or check the config files in their user directory $SPLUNK_HOME/etc/users/userA
I appreciate your help.
I appreciate your help !!
Glad it it worked for you!
Did it work?