Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to give a user access "full control" over his forwarder inputs on the configure server, but restrict access to any other forwarders?

demodav
Path Finder
‎01-08-2016 10:56 AM

I want the ability to grant a user access to his forwarder inputs on the configure server, so that he can add Windows event Logs, Files & Directories, Windows Performance Monitoring, TCP, UDP, & Scripts to his forwarder. However, I want to limit it where he does not have access to any other of the forwarders. How can I achieve this?

0 Karma
Reply

renjith_nair
Legend
‎01-08-2016 08:55 PM

If you are talking about the data visibility, then forward the data to different indexes and set the user permission only to his index.
About the forwarders, are you setting up multiple forwarders on same machine? If not, the access restrictions should be at machine level

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

demodav
Path Finder
‎01-11-2016 06:26 AM

No, not just visibility, but manageability. Within the Configure server. I want to grant admin privileges to only 1 index. So that the team can manage their own forwarder, but not have access to others on the system.

0 Karma
Reply

renjith_nair
Legend
‎01-11-2016 06:05 PM

I'm sorry I didn't get that quite clear. If i understand correctly, you have a config server and you have multiple forwarders on that for different teams and you want to separate it so that each team handles their own inputs.
So do you have multiple forwarders on the config server or just one forwarders which forwards data from different inputs?

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...