Solved: Search head pooling and authorize.conf

echalex · ‎04-03-2013

Hi,

I'm wondering how Splunk (4.3.x) deals with new roles created through the GUI. Since they're located in etc/system, I suppose you have to distribute any changes by yourself, or is there a way to automate this?

echalex · ‎04-03-2013

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

View solution in original post

rmorlen · ‎04-03-2013

That is how we handle authorize.conf. We have the common (shareable) information in a "splunk_system" app and the server specific information in $SPLUNK_HOME/etc/system/local. We do this for all the $SPLUNK_HOME/etc/system/local config files.

echalex · ‎04-03-2013

Maybe I should've searched better, but hopefully the link to the doc is useful to you. 🙂

echalex · ‎04-03-2013

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

alacercogitatus · ‎04-03-2013

I'm in a similar situation, but on 5.0.1. I'd love to see the solution as well.

Search head pooling and authorize.conf

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes