Solved: Search head pooling and authorize.conf

echalex · ‎04-03-2013

Hi,

I'm wondering how Splunk (4.3.x) deals with new roles created through the GUI. Since they're located in etc/system, I suppose you have to distribute any changes by yourself, or is there a way to automate this?

echalex · ‎04-03-2013

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

View solution in original post

rmorlen · ‎04-03-2013

That is how we handle authorize.conf. We have the common (shareable) information in a "splunk_system" app and the server specific information in $SPLUNK_HOME/etc/system/local. We do this for all the $SPLUNK_HOME/etc/system/local config files.

echalex · ‎04-03-2013

Maybe I should've searched better, but hopefully the link to the doc is useful to you. 🙂

echalex · ‎04-03-2013

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

alacercogitatus · ‎04-03-2013

I'm in a similar situation, but on 5.0.1. I'd love to see the solution as well.

Search head pooling and authorize.conf

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Search head pooling and authorize.conf

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!