Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Remove a field from certain roles view

celdridge1988
Engager
‎02-18-2020 05:35 AM

Hi Everyone,
The scenario here is:

Email data being ingested by Splunk. We want to be able to give access to this index to a number of people but confidential information is sometimes presented in the subject line of an email and the subject is a part of the log.

Is it possible to block just this field on certain roles but not all?

Thank you 🙂

0 Karma
Reply

manjunathmeti
Champion
‎02-18-2020 05:52 AM

If a role gets access to an index then user of that role can search all the fields of that index. Access can't be controlled on field names. Best thing you can do is write a search to anonymize or remove confidential fields and write output to a summary index and give access to summary index to restricted roles.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...