Solved: Re: Splunk capabilities rol

julian0125 · ‎07-25-2019

Hello Splunkers!

i have a question, i am unable to search on splunk web that's because accidentaly deleted some capabilities on roles. I was able to log in but i cannot do searches or event see the apps, and also cannot enter to the access control option, appears a 500 internal error server. is there a way to resolve this? Thanks

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

View solution in original post

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

julian0125 · ‎07-26-2019

Hey @jawaharas, thank you very much, that works!!

Splunk capabilities rol

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

Are you a member of the Splunk Community?

Splunk capabilities rol

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25