Splunk Dev

Bulk import users?

stefanlasiewski
Contributor

I am using Splunk with SSO (Shibboleth) for authentication. Unfortunately, I still need to create a Splunk user for every user coming in through SSO.

How can I bulk import users into Splunk, preferably from the command line?

  • There is a file named $SPLUNK_HOME/etc/passwd. I have added users to this file, but they don't appear in the web interface under http://splunk.example.org/en-US/manager/launcher/authentication/users . In addition, Splunk removes users from this file periodically.

  • The command $SPLUNK_HOME/bin/splunk import userdata -dir /tmp/export.dat, but there is almost no documentation about this feature, and I cannot find anything which describes the format of export.dat . It looks as if this feature is really intended to export userdata from Splunk and import it to another Splunk instance, which is not what I am trying to do.

Tags (1)
0 Karma
1 Solution

stefanlasiewski
Contributor

Well, in the end I just ended up doing a loop like:

for USER in $USERLIST
do
    $SPLUNK_HOME/bin/splunk add user ${USER}@example.org -password jibberish
done

Not quite a bulk import, but it gets the job done.

View solution in original post

0 Karma

stefanlasiewski
Contributor

Well, in the end I just ended up doing a loop like:

for USER in $USERLIST
do
    $SPLUNK_HOME/bin/splunk add user ${USER}@example.org -password jibberish
done

Not quite a bulk import, but it gets the job done.

0 Karma

premg
Engager

Hi,
We have a scenario like one deployment server and two search heads. Can we bulk load the users from deployment servers for the searchheads?

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Have you tried adding users using a script with the CLI (import userdata)?

ChrisG
Splunk Employee
Splunk Employee

Oh look, yes you did. Not sure how I missed that, sorry!

0 Karma

stefanlasiewski
Contributor

Yes I have, which is why I mentioned import userdata in my question.

0 Karma

ithangasamy_spl
Splunk Employee
Splunk Employee

It is the authz that require the user to be available in splunk, you can workaround by either
creating a LDAP strategy pointing to your Shibboleth identity store if it is LDAP.
or
duplicating the Shibboleth user identities in the Splunk with proper role mapping
I use a script like this to create a local splunk users

#!/bin/sh
FILE=$HOME/scripts/uids.txt
ACTION=$1

user_add()
{
line1=$1
curl -k  -u admin:changeme -X POST -d "name=$line&password=$line&roles=admin" https://localhost:8089/services/authentication/users
#curl -k  -u admin:changeme -X POST -d "name=$line&password=$line&roles=splunk_role_edit_tcp" https://localhost:8089/services/authentication/users
 echo "Creating User $line"
return 0
}
user_del()
{
line1=$1
curl -k  -u admin:changeme -X DELETE https://localhost:8089/services/authentication/users/$line1
 echo "Deleting User $line"
return 0
}
user_auth()
{
line1=$1
curl -k -X POST -d "username=$line1&password=$line1" https://localhost:8089/services/auth/login
 echo "Authenticating User $line"
return 0
}

cat $FILE|while read line
do
if [ $ACTION = "add" ]
then
 user_add $line
elif [ $ACTION = "del" ]
then
 user_del $line
else
 user_add $line
 user_auth $line
 user_del $line
fi
done 

my uids.txt is something like, I use uid/pwd same but you get the point


Lewis_User0
Cesar_User1
Mark_User2
James_User3

hope this helps

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...