Security

What would be a good quota base for user, power and admin roles?

Motivator

We would like to reassess and set a good base line for the user, power and admin roles. Meaning, setting reasonable quotas for Restrict search time range, User-level concurrent search jobs limit , User-level concurrent real-time search jobs limit, Role-level concurrent search jobs limit, Role-level concurrent real-time search jobs limit and Limit total jobs disk quota.

How should we go about it?

Tags (3)
0 Karma

Builder

I would keep the default quotas and doing the adjustments according to customer behaviour. For example, if you have a lot of customers running real-time searches and your hardware is getting too much load, you have to limit the real-time searches for those users or get more powerful hardware to process them. I worked on a company where customers are using too much disk to process their reports(triggering several ad-hoc reports at the same time)and it was getting all the free disk space available on the server, so we have to create a new role and adjust the disk user quota to those users to prevent disk space issues.

Motivator

Makes sense - the default quotas are in authorize.conf, right?

0 Karma

Builder

That is correct. You can also setup it at role level from web interface go to menu settings/user and authentication, select the role you want o change it and select resources tab.

0 Karma

SplunkTrust
SplunkTrust

What's wrong with the default quotas?

---
If this reply helps you, an upvote would be appreciated.