How do I prevent some users from running the collect command?

Path Finder

I want to be able to prevent some users from using the collect command. How to do that? Is there a capability that controls whether or not a user has permission to run collect?

1 Solution


ok, this is an old topic and it seems at that time of 2015 this feature was not there..

and now, authorize.conf gives a way to grant/remove this collect command from a user...

* Lets a user run the collect command.

(at this time of this writing the current splunk version is 7.1.2)

Splunk Employee
Splunk Employee

Verified that the collect command is connected to the authorize.conf permission [capability::indexes_edit]

0 Karma