I'm sure this is a noob question but here goes. I have used Splunk from the user perspective but now dipping my toes as an admin. I have Splunk 8.0.5:
I am logged into the UI of the search head and have the admin role but I cannot do any of the following:
I'm presuming this is because it need to logon to the UI of the master node for this in a clustered configuration? So when I try to do this with my account (LDAP) it fails. Is the auth.conf per node in the cluster or centralized?
If the cluster master is the UI you're using then, yes, you should be able to see all indexes. Otherwise, the indexes.conf file must be installed on the instance you are using.
Licensing has nothing to do with the visibility of indexes.
If the previous admin was any good then he or she installed the same (roughly) indexes.conf file on all nodes. That would ensure SHs and indexers knew what all of the indexes are. I say "roughly" because the indexes.conf file on a SH does not need the same volume definitions since no data is being stored by it.
To view licensing usage you must sign in to the license manager or the Monitoring Console. Since the SH failed you, I presume these roles are filled by the Cluster Manager.
auth.conf files are per-node.
So the /local/indexes.conf file on the cluster master appears to have the index definitions.
I can see that the authentication.conf files on the indexers and cluster master seem to be at defaults. When viewing the licensing area from the SH I see this:
But most of the dashboards are empty
If the cluster master is the UI you're using then, yes, you should be able to see all indexes. Otherwise, the indexes.conf file must be installed on the instance you are using.
Licensing has nothing to do with the visibility of indexes.