Security

Capabilities needed for a service account to enable Maintenance Mode and issue offline command

Motivator

I have been researching the docs here: https://docs.splunk.com/Documentation/Splunk/6.6.3/Security/Rolesandcapabilities

There isn't a good mapping of what I am trying to accomplish here in the docs. We are trying to automate some routine maintenance and also enable our hardware teams to replace disks as they fail without requiring scheduling with our team - outside of approvals and verifications. Can someone assist me in identifying the minimum capabilities needed for this service account I have created (LDAP) to be able to perform the following:

Enable Maintenance Mode
Disable Maintenance Mode
Rebalance Primaries
Rebalance _raw data
Splunk offline

I have not listed splunk stop/start because those commands do not require authentication from the CLI.

0 Karma
1 Solution

Path Finder

For "splunk offline" you'll need to give the account a role with the capability "edit_indexer_cluster". It may work for some of those others.

View solution in original post

Path Finder

For "splunk offline" you'll need to give the account a role with the capability "edit_indexer_cluster". It may work for some of those others.

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!