Host-based restriction

AMAN0113 · ‎10-01-2023

Hi,
I want to restrict access to different teams based on hosts but don't want to do it by creating multiple indexes for this. The data would be present in one index and teams would be given access to this index, however they should be able to see only the data they own. Is there a way host-based restriction can be achieved?

inventsekar · ‎10-01-2023

Hi @AMAN0113 .. please check these pages:

https://docs.splunk.com/Documentation/Splunk/9.1.1/Security/limitfieldfiltering

https://community.splunk.com/t5/Splunk-Search/How-to-restrict-search-access-to-certain-hosts-or-fiel...

Host-based restriction

access control

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Join the Conversation

Host-based restriction

access control

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series