Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the best way to add users to the search head cluster?

mlevsh
Builder
‎10-18-2016 09:25 AM

Hi,
We are running Splunk 6.3.3. Our search head cluster (4 search heads at the moment) is using SAML authentication.
We are looking for a way to add an user with Splunk authentication without adding it on each search head separately.

Any ideas will be appreciated!
Thanks

0 Karma
Reply

cdoebert
Path Finder
‎10-18-2016 12:23 PM

There is no way in 6.3.3 to have the changes replicate. You'll need to run the splunk add user command on each search head.

http://docs.splunk.com/Documentation/Splunk/6.3.3/DistSearch/AdduserstotheSHC

Reply

mlevsh
Builder
‎02-23-2017 01:09 PM

@cdoebert, actually there is a way to replicate - if shared secret is the same between servers (in our case there is) we can copy $SPLUNK_HOME/etc/passwd file that has a new user created to other servers , restart splunk on servers with just copied file. Make sure to backup

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...