Solved: Splunk capabilities rol

julian0125 · ‎07-25-2019

Hello Splunkers!

i have a question, i am unable to search on splunk web that's because accidentaly deleted some capabilities on roles. I was able to log in but i cannot do searches or event see the apps, and also cannot enter to the access control option, appears a 500 internal error server. is there a way to resolve this? Thanks

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

View solution in original post

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

julian0125 · ‎07-26-2019

Hey @jawaharas, thank you very much, that works!!

Splunk capabilities rol

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update