Deployment Architecture

How to create a role with limited admin capabilities to put a cluster in maintenance mode?


Basically I need to make a Splunk account with limited admin capabilities, one of them being able to put the cluster in maintenance mode.

Splunk Employee
Splunk Employee

This can be accomplished by creating another role that inherits the User role and adds the edit_indexer_cluster​ capability. With such a role, the user can see the indexer clustering settings menu and place the cluster into maintenance from the CLI as well.

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!