Hello,
in our environment we have monitoring instance install on separate server, and want to provide the read only access to one of the user so that he can monitor the general stuff but can not do any changes. So want to know what kind of roles and capabilities I need to assign to that user so that he can login to monitoring console and do the L1 activity.
Thanks.
Hi ,
There is no option for monitoring only the Splunk Console(Monitor Console in Splunk) as there is dependency on roles .I tested it our environment but that doesn't work
You can still create restrictive roles based on a current role or creating a new for a new user
hello there,
i think you can create a new role, add the user role to it as well as the following capabilities:
dispatch_rest_to indexers
and all the objects that start with: list_
also, you will have to allow that role to see date from internal indexes (starts with "_" underscore)
full list of capabilities here:
https://docs.splunk.com/Documentation/Splunk/7.0.2/Security/Rolesandcapabilities#List_of_capabilitie...
hope it helps