Host-based restriction

AMAN0113 · ‎10-01-2023

Hi,
I want to restrict access to different teams based on hosts but don't want to do it by creating multiple indexes for this. The data would be present in one index and teams would be given access to this index, however they should be able to see only the data they own. Is there a way host-based restriction can be achieved?

inventsekar · ‎10-01-2023

Hi @AMAN0113 .. please check these pages:

https://docs.splunk.com/Documentation/Splunk/9.1.1/Security/limitfieldfiltering

https://community.splunk.com/t5/Splunk-Search/How-to-restrict-search-access-to-certain-hosts-or-fiel...

Host-based restriction

access control

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Host-based restriction

access control

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!