Currently we have onboarded applications like 1, 2, 3, 4 ... 100 into the default Search & Reporting app.
But they belong to different groups, and we are in the process of dividing the applications into their designated groups and creating an app for each group.
ABC group has 1,2,3..... 10 applications.
DEF group has 10,11.....40 applications.
So, what we are expecting is to create apps called ABC and DEF and have all the applications belonging to each group sent into these apps (groups).
As of now, we are restricting users based on their application index.
How do we start with this requirement? For example, the DEF app should not be visible or accessible to the ABC app, and vice versa. They should only see their own app and their own application logs.
We have different indexes and different roles created for different users. Now my question is: can I create an app and give access to specific group users? How do I do that?
1 application --- different index -- restricted to 1 app team
2 application -- different index -- restricted to 2 app team
Now applications 1 and 2 belong to the ABC group. We want ABC as an app, and the 1 and 2 app teams should have access only to the ABC group and to their assigned 1 app logs or 2 app logs.
Hi @splunklearner ,
You can create apps and give some Roles access to each one.
But by assigning apps to Roles you solve only part of the problem, because you also have to assign data access to the Roles, and you can do this in [Settings > Roles].
At least, you have to associate your groups with Roles: Roles drive the access policies, and Users are associated with access grants through Roles.
Ciao.
Giuseppe
Hi @splunklearner ,
Access grants, in Splunk, are managed at index level. Do you have all these data in different indexes or all in the same index?
If in different indexes, you can enable each group of users (identified by a proper role) to access one index; then you can also use the same app, but users can see only the indexes enabled for them.
In [Settings > Roles > Indexes] you can define for each role the enabled indexes.
If they are in the same index, it is more difficult: you could try to create a rule, at role level, to access only events that match a rule (e.g. applications from 1 to 10), but it's more difficult to manage the exceptions.
In [Settings > Roles > Restrictions] you can define the filters for that role.
Ciao.
Giuseppe
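
Added example, not part of the thread or of Splunk's own tooling: a Python check over a constructed `authorize.conf` that flags any team role able to search another team's index, including through `importRoles` inheritance. The role names, index names and group mapping are assumptions, and `fnmatch` only approximates Splunk's wildcard matching for non-internal index names.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed authorize.conf; role and index names are assumptions, not from the thread.
AUTHORIZE_CONF = """
[role_user]
srchIndexesAllowed = *
[role_app1_team]
srchIndexesAllowed = app1_idx
[role_app2_team]
srchIndexesAllowed = app2_idx
[role_app11_team]
importRoles = user
srchIndexesAllowed = app11_idx
"""

# Constructed mapping: group app -> {team role: the one index that team should see}.
GROUPS = {
    "ABC": {"app1_team": "app1_idx", "app2_team": "app2_idx"},
    "DEF": {"app11_team": "app11_idx"},
}

def _split(value):
    """Split a semicolon-separated authorize.conf value into a list."""
    return [v.strip() for v in value.split(";") if v.strip()]

def effective_indexes(conf, role, seen=None):
    """Index patterns a role can search, including those inherited via importRoles."""
    seen = seen if seen is not None else set()
    stanza = "role_" + role
    if role in seen or not conf.has_section(stanza):
        return set()
    seen.add(role)
    patterns = set(_split(conf.get(stanza, "srchIndexesAllowed", fallback="")))
    for parent in _split(conf.get(stanza, "importRoles", fallback="")):
        patterns |= effective_indexes(conf, parent, seen)
    return patterns

def find_leaks(conf_text=AUTHORIZE_CONF, groups=GROUPS):
    """Return (role, index) pairs where a team role can search another team's index."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    owners = {role: idx for g in groups.values() for role, idx in g.items()}
    return [(role, idx) for role, own in owners.items()
            for idx in sorted(set(owners.values()) - {own})
            if any(fnmatchcase(idx, p) for p in effective_indexes(conf, role))]

if __name__ == "__main__":
    print(find_leaks())
```

In the constructed input, `app11_team` is flagged because the role it imports allows `*`; the two roles that list only their own index are not.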