Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise multitenancy- how can I create Role-based permissions per customer?

Enissay66
Loves-to-Learn
‎02-03-2023 01:34 AM

hello,

My need is to use Splunk Entreprise to serve multiple client organizations using a single instance=> Multitenancy function use.

I have some installed Splunk Apps using only one index and they manage the data coming from multiple clients, how can I separate them on the dashboard ?  how can i create Role-based permissions per customer ?

Does Splunk Entreprise  supports natively Multitenancy function ? how can I achieve my goal ?

Bests,

Yassine.

 

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎02-03-2023 04:41 AM

If you're looking just at Splunk Enterprise (the core product), you can create an index per customer and have a role per customer to give permissions to their indexes on top of roles to give users capabilities. Then you most likely need to rework the apps dashboards to include those indexes. My suggestion would be to e.g. name the indexes something like windows_customer1, windows_customer2 and change the searches in dashboards to look for index=windows_* or create a macro that hold this and use that macro instead in the searches where you'd filter the index (this way if the indexes changes you can just change the macro instead of reworking all the searches again). If the roles are properly set you should see just the data concerning your company based on your role when opening the dashboards. 

If, on. the other hand, you are talking about the premium app Splunk Enterprise Security, as Giuseppe stated, it does not easily support multi tenancy and would likely need some Splunk PS to implement

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-03-2023 02:54 AM

Hi @Enissay66,

Enterprise Security isn't a Multi Tenancy App.

I implemented it with the support of Splunk Professional Services for an italian company, but it isn't an activity that's possible to describe in one answer, it's a project with an elapsed of at least 2 months.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top