Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise multitenancy- how can I create Role-based permissions per customer?

Enissay66
Loves-to-Learn
‎02-03-2023 01:34 AM

hello,

My need is to use Splunk Entreprise to serve multiple client organizations using a single instance=> Multitenancy function use.

I have some installed Splunk Apps using only one index and they manage the data coming from multiple clients, how can I separate them on the dashboard ?  how can i create Role-based permissions per customer ?

Does Splunk Entreprise  supports natively Multitenancy function ? how can I achieve my goal ?

Bests,

Yassine.

 

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎02-03-2023 04:41 AM

If you're looking just at Splunk Enterprise (the core product), you can create an index per customer and have a role per customer to give permissions to their indexes on top of roles to give users capabilities. Then you most likely need to rework the apps dashboards to include those indexes. My suggestion would be to e.g. name the indexes something like windows_customer1, windows_customer2 and change the searches in dashboards to look for index=windows_* or create a macro that hold this and use that macro instead in the searches where you'd filter the index (this way if the indexes changes you can just change the macro instead of reworking all the searches again). If the roles are properly set you should see just the data concerning your company based on your role when opening the dashboards. 

If, on. the other hand, you are talking about the premium app Splunk Enterprise Security, as Giuseppe stated, it does not easily support multi tenancy and would likely need some Splunk PS to implement

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-03-2023 02:54 AM

Hi @Enissay66,

Enterprise Security isn't a Multi Tenancy App.

I implemented it with the support of Splunk Professional Services for an italian company, but it isn't an activity that's possible to describe in one answer, it's a project with an elapsed of at least 2 months.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...