Security

Search head pooling and authorize.conf

echalex
Builder

Hi,

I'm wondering how Splunk (4.3.x) deals with new roles created through the GUI. Since they're located in etc/system, I suppose you have to distribute any changes by yourself, or is there a way to automate this?

1 Solution

echalex
Builder

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

View solution in original post

0 Karma

rmorlen
Splunk Employee
Splunk Employee

That is how we handle authorize.conf. We have the common (shareable) information in a "splunk_system" app and the server specific information in $SPLUNK_HOME/etc/system/local. We do this for all the $SPLUNK_HOME/etc/system/local config files.

0 Karma

echalex
Builder

Maybe I should've searched better, but hopefully the link to the doc is useful to you. 🙂

0 Karma

echalex
Builder

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

I'm in a similar situation, but on 5.0.1. I'd love to see the solution as well.

Get Updates on the Splunk Community!

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...

Use ‘em or lose ‘em | Splunk training units do expire

Whether it’s hummus, a ham sandwich, or a human, almost everything in this world has an expiration date. And, ...