Solved: Splunk capabilities rol

julian0125 · ‎07-25-2019

Hello Splunkers!

i have a question, i am unable to search on splunk web that's because accidentaly deleted some capabilities on roles. I was able to log in but i cannot do searches or event see the apps, and also cannot enter to the access control option, appears a 500 internal error server. is there a way to resolve this? Thanks

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

View solution in original post

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

julian0125 · ‎07-26-2019

Hey @jawaharas, thank you very much, that works!!

Splunk capabilities rol

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Splunk capabilities rol

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk