Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create search for Multi-tenant?

gmbdrj
Loves-to-Learn Lots
‎09-13-2023 12:46 AM
 
 

We are running Splunk ES and trying to make log search and app interfaces for each company. Let's call them CompanyA, CompanyB and CompanyC.Each company has to see its own data and also notable events in ES. As a holding company, we need to access and see all data. What is best way to achieve this goal? Please advise.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-13-2023 12:58 AM

Hi @gmbdrj,

Enterprise Security isn't multi tenant!

You can use as a workaround, to store data of each customer in a different index, but anyway you have to:

  • create different indexes for each customer to identify them (it isn't a great job),
  • manually modify all the searches in Correlation Searches (it isn't a great job),
  • manually modify threat intelligence searches and inputs (very hard job!),
  • manually modify identities and assets (hard job!),
  • create specific dashboard for the customers because it isn't possible to modify the main ES dashboards (it isn't a great job).

I did it for some of our customers but it wasn't a simple job and I hint to engage Splunk Professional Services.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...