Security

Capabilities needed for a service account to enable Maintenance Mode and issue offline command

ShaneNewman
Motivator

I have been researching the docs here: https://docs.splunk.com/Documentation/Splunk/6.6.3/Security/Rolesandcapabilities

There isn't a good mapping of what I am trying to accomplish here in the docs. We are trying to automate some routine maintenance and also enable our hardware teams to replace disks as they fail without requiring scheduling with our team - outside of approvals and verifications. Can someone assist me in identifying the minimum capabilities needed for this service account I have created (LDAP) to be able to perform the following:

Enable Maintenance Mode
Disable Maintenance Mode
Rebalance Primaries
Rebalance _raw data
Splunk offline

I have not listed splunk stop/start because those commands do not require authentication from the CLI.

0 Karma
1 Solution

leonphelps_s
Path Finder

For "splunk offline" you'll need to give the account a role with the capability "edit_indexer_cluster". It may work for some of those others.

View solution in original post

leonphelps_s
Path Finder

For "splunk offline" you'll need to give the account a role with the capability "edit_indexer_cluster". It may work for some of those others.

Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...