Monitoring Splunk

What roles and Capabilities needs to assign in order to access the monitoring console with minimal rights ?

shedalkar
Engager

Hello,

in our environment we have monitoring instance install on separate server, and want to provide the read only access to one of the user so that he can monitor the general stuff but can not do any changes. So want to know what kind of roles and capabilities I need to assign to that user so that he can login to monitoring console and do the L1 activity.
Thanks.

0 Karma

PhenylVon
New Member

Hi ,

There is no option for monitoring only the Splunk Console(Monitor Console in Splunk) as there is dependency on roles .I tested it our environment but that doesn't work

You can still create restrictive roles based on a current role or creating a new for a new user

0 Karma

adonio
Ultra Champion

hello there,

i think you can create a new role, add the user role to it as well as the following capabilities:

dispatch_rest_to indexers

and all the objects that start with: list_
also, you will have to allow that role to see date from internal indexes (starts with "_" underscore)
full list of capabilities here:
https://docs.splunk.com/Documentation/Splunk/7.0.2/Security/Rolesandcapabilities#List_of_capabilitie...

hope it helps

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...