We have a requirement to allow approx 50 users to login simultaneously to Splunk using the same shared account. The reason we want to do this is because these users do not have access, and we want them to do a bit of hands-on during a live demo.
Does Splunk support this feature or do we need to look for an alternative solution?
That's not a real requirement.
"Using the same shared account" has nothing to do with the stated use case of giving 50 people temporary access for demo training purposes.
Sure, you could do it that way, but then you'd hit the problem of max concurrent searches per user. Do you want the 50 people to be actually able to DO anything when they are all logged on? If so, you need to give them different user ids with the same role, so that they each get their own concurrent search limits.
Also, if you are letting newbies all on in a flock, then for your own sake, please start them out with default time limits not being "all time", no realtime search, and a default index that won't kill your instances. In other words, if they enter the word
"foo" and hit enter, make sure that by default the system will search to see if the word
"foo" appears in your
index="training" for the preceding 24 hours, rather than checking your entire organization's proxy logs for all time.
Why is that not a real requirement?
For the purpose of a demo, we don't know who the users are going to be, hence we can't create individual user accounts for them. That is the reason why I am thinking about creating a single account and sharing the credentials with all of the users.
Good suggestions regarding configuring default time limits, no real time search and a default index. I will configure these. My main concern was whether Splunk allows x number of users to login simultaneously with the same user id. If the answer is yes, I can create a shared account and map it to a role with the above mentioned configuration.
Did you ever figure this out?
Our use case is we have an organization that would sign in to only use the REST api with a webapp we have built. The users do not need to sign in to view the dashboards, so having a single shared user to just present the data within our application is ideal.
Hi, what are the limitations with splunk default authentication mechanism? I mean, you can create a role and assign this role to all 50 users, so that they all have same set of capabilities and permissions. Is this something which is not possible w.r.t your requirement?