I have a customer who wants to utilize their own search-head to read some Splunk data that I administer. In theory, I have no issues with it. However, we setup this search-head to read the indexers, how do I setup the search-head so that it can read the data, without them knowing the admin password for a distributed search?
I did this by managing the SH for them. I installed the software, set up the admin account and the peer accounts, and then gave them non-admin accounts for searching. This has worked quite well in my environment. I just have to make summary indexes for them when they need new ones.