Solved: Search head pooling and authorize.conf

echalex · ‎04-03-2013

Hi,

I'm wondering how Splunk (4.3.x) deals with new roles created through the GUI. Since they're located in etc/system, I suppose you have to distribute any changes by yourself, or is there a way to automate this?

echalex · ‎04-03-2013

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

View solution in original post

rmorlen · ‎04-03-2013

That is how we handle authorize.conf. We have the common (shareable) information in a "splunk_system" app and the server specific information in $SPLUNK_HOME/etc/system/local. We do this for all the $SPLUNK_HOME/etc/system/local config files.

echalex · ‎04-03-2013

Maybe I should've searched better, but hopefully the link to the doc is useful to you. 🙂

echalex · ‎04-03-2013

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

alacercogitatus · ‎04-03-2013

I'm in a similar situation, but on 5.0.1. I'd love to see the solution as well.

Search head pooling and authorize.conf

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...