Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can i block some user to see a specific log when all my indexes are on the same dir?

gkope
Engager
‎08-28-2013 10:38 AM

Hi Everyone,

My case is:

I have my splunk in this structure:

/data/splunk/hotwarm (all logs, from all hosts, stay in this dir)
/data/splunk/cold
/data/splunk/frozen

How can I block some users to see logs from specific hosts? Or, how can I choose what hosts (all logs from that host) a specific user can see (search logs)?

Thanks,

Tags (4)
0 Karma
Reply

ckurtz
Path Finder
‎08-28-2013 10:54 AM

Splunk's role-based permissions are only granular to the index level, so the only way would be to have the different hosts in different indexes, and limit one set of users (via a role) to the single index while the others (via a different role) see all the indexes.

See http://docs.splunk.com/Documentation/Splunk/5.0.4/Security/Aboutusersandroles

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...