Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Permission Distributed Search

dalie
Explorer
‎06-04-2018 12:28 AM

Hello,

Architecture:
I have a distributed Seach (not in Cluster)
1 Search head and 1 Indexer.

Every logs are stored on the indexer and with the search head user can search ....

Problem:
The problem is ... that I can allow a specific index per roles only on the indexer.
But user don't have an access to the indexer, they search via the GUI of the Search Head.

On the Search Head, I don't see the index create on the indexer, so the user have an access on every index
Is that possible to limit the access the search head ?

Thanks in advance

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎06-04-2018 06:52 AM

place the indexes.conf on the search head as well
you are doing great by blocking the UI on the indexer

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎06-04-2018 06:52 AM

place the indexes.conf on the search head as well
you are doing great by blocking the UI on the indexer

0 Karma
Reply
Solved! Jump to solution

dalie
Explorer
‎06-05-2018 01:23 AM

It works !
One more question, every time That I will create and index on the indexer , I have to create this to the search head too then ?

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎06-05-2018 01:31 AM

Yes, you would need to keep that configuration in sync.

Since you are not using clustering, in theory you could use a Deployment Server to centrally manage such configuration that needs to go to multiple systems. But setting that up just for this 1 config file might be a bit overkill.

Reply
Solved! Jump to solution

dalie
Explorer
‎06-05-2018 12:17 AM

Ok thanks I will try to do this 🙂

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎06-05-2018 05:22 AM

@dalie, if it works for you, kindly accept the answer and up-vote helpful comments
cheers

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...