Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitoring Console: How to edit roles via CLI or configuration files?

Aftend1971
Explorer
‎03-27-2018 06:07 AM

How to edit standalone roles in monitoring console? There (https://answers.splunk.com/answers/318342/how-to-change-server-roles-in-the-distributed-mana.html) is information about $SPLUNK_HOME/etc/apps/splunk_management_console/lookups/assets.csv but I guess that these roles are generated elsewhere (probably by DMC itself apps/splunk_monitoring_console/bin/dmc_config.py ?? ) ... So editing this file is not a right way, right?

There is also mention about distsearch.conf, but I did not find any info about roles. Probably splunk_monitoring_console_assets.conf has to have peers from distsearch.conf, but roles should be configured elsewhere.

Any idea? Except manual edit in GUI. Thanks

EDIT:
Monitoring Console should be refreshed after change anyway. But I did not find any CLI command, or REST requests to refresh it.

EDIT2:
Seems that output is populated from Search: DMC Asset - Build Standalone Asset Table

0 Karma
Reply

splunker12er
Motivator
‎03-28-2018 01:41 AM

There is no Splunk CLI command to edit splunk server roles.

The server role are set inside a csv file $SPLUNK_HOME/etc/apps/splunk_management_console/lookups/assets.csv you can edit this file using some editor and if you if you may wish have a backup - though its populated by script by default it doesn't somehow doesnt manage to set proper roles to you env,. you may need to change it manually

0 Karma
Reply

Aftend1971
Explorer
‎03-28-2018 03:41 AM

But $SPLUNK_HOME/etc/apps/splunk_management_console/lookups/assets.csv is populated from upstream script.

Even if you edit $SPLUNK_HOME/etc/apps/splunk_management_console/lookups/assets.csv roles are not refreshed in monitoring console.

I guess this file can be overrided every time that script is triggered.

DMC Asset - Build Standalone Asset Table leads to [dmc_get_local_instance_asset_computed_groups] macro, which will populate assets.csv
from
https://127.0.0.1:8089/services/server/info?output_mode=json

http://docs.splunk.com/Documentation/Splunk/7.0.2/RESTREF/RESTsystem#server.2Froles

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...