Hi there.
As in subject, how to make NMON aggregated data available NOT ONLY TO ADMIN users?
I can query alla data from NMON since i'm admin in System, but i would like to make some metrics available to public normal users Dashboards, all query from normal users returns no data... how to? I tried to give read grant to ALL in all nmon eventtypes, but with no success. Should i have to edit ALL NMON objects??? 😢😢😢
Thanks 👍
Still have read for all users for the App.
I solved the issue with metadata editing.
For some reason i got a
[]
owner = admin
access = read : [ admin ], write : [ admin ]
And many other objects with same grants.
I simply deleted all the single grants for single objects and gave full general access with,
[]
owner = admin
access = read : [ * ], write : [ admin ]
Restarted all Splunk SearchHead daemons (clustered) and things now are OK!!! I can query with User.Role and get all fields extracted by NMON conf 😇
You need to add the nmon indexes to your user roles, or create a new role for the nmon users.
Go to: Settings > roles > "your user role" > Indexes tab > "select indexes"
You should see the following indexes for the nmon data:
os-unix-nmon-config
os-unix-nmon-events
os-unix-nomon-internal
os-unix-nmon-metircs
🤔
... i'm using only 1 index for NMON,
index=*nmon* | dedup index | table index
nmon
🤔🤔🤔
Okay, just add the nmon index to your user role that needs access.
Another method is to schedule an admin alert and log the data inside a public access index or a metric index, and then get nmon data from there, where "user role" can query... but i then need to extract all nmon data in field, since the original ones are only admin 😣
Role still has "nmon" index access... i can query "nmon", but can't get all eventtypes and metrics... i think the first install of NMON ADDON gave all nmon objects only "admin" rights... 🙄 ... maybe i can see inside metadata path and correct all the "access =" parameter 😔
I see... you need to make the nmon app global or accessible to those users
Click apps > Manage apps > NMON app > Permissions Read/Wright all
Make app accessible to users.
Are your users able to access the NMON app? If you don't want the app global, the users will only have the knowledge objects available within the NMON app.
Still have read for all users for the App.
I solved the issue with metadata editing.
For some reason i got a
[]
owner = admin
access = read : [ admin ], write : [ admin ]
And many other objects with same grants.
I simply deleted all the single grants for single objects and gave full general access with,
[]
owner = admin
access = read : [ * ], write : [ admin ]
Restarted all Splunk SearchHead daemons (clustered) and things now are OK!!! I can query with User.Role and get all fields extracted by NMON conf 😇