i have user that have permission in Splunk from Active Directory group and he can't search anything
when he types something and clicks on search, he didn't receive results or an error massage (nothing happened )
while other users in the same group have ability to search and see result
i try to remove the user from the group and add it again- same problem
i try to check the user on different computer -same problem
i try to reload authentication configuration -same problem
Splunk version 6.4.1
I think there are several things you can double-check:
Go to Access Controls > Roles > User, and view the Indexes selections to make sure your user in question belongs to a role that has access to to the index against which to search for data.
Go to Access controls > Authentication method > LDAP strategies and select Map Groups to make sure the relationships between LDAP groups and Splunk roles are properly defined and the role your user in question is mapped to has the appropriate access rights in Splunk.
The user on the correct group ,i try to remove cache and open in new browser and type index=* earliest=-1d on search bar the problem still there its dosen`t show aynthing
I also check the setting that Hunter advise and the everything look ok like other user on the correct group and fields
i try to check with new test user that i created on AD and i have same problem , looks like only old users can serech on splunk
there is any user limit on splunk ?