Re: how to push user account from master/deploymen...

dhavamanis · ‎05-14-2015

Need your help!,

Can you please tell us, how to push user account from master/deployment node to SHC members and etc/system/local config. We are pushing apps and users folder from etc/shcluster/ using below, but we could see any option to use etc/passwd file to SHC members. also there is no option to push the standalone search head etc/system/local directory config.

./splunk apply shcluster-bundle --answer-yes -target https://1.13.2.1:8089 -auth admin:changeme

martin_mueller · ‎05-14-2015

If you're using Splunk's built-in authentication then you will have to add every user to each cluster member:

http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/AdduserstotheSHC#Use_Splunk_Enterprise_...

martin_mueller · ‎05-15-2015

Great. If that answers your question then please mark the answer as accepted.

martin_mueller · ‎05-14-2015

As the path implies, those settings are local to a system. If you want to push them to the cluster you should package them in an app, or configure the settings on each member.

dhavamanis · ‎05-15-2015

Thank you so much for the details.

dhavamanis · ‎05-14-2015

thanks, We are using external SSO authentication, but user permissions are stored in Splunk. Can you please tell us, how to copy the standalone etc/system/local/ (web.conf, transforms.conf..etc) files to SHC nodes?.

how to push user account from master/deployment node to SHC members

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?