Solved: can we restrict the access in splunk

anshuman19 · ‎01-17-2018

Suppose i have 6 aws instances sending log to splunk and we have 3 user :
1st is admin can see all 6 instances
2nd is user1 can see only 2 specific instances
3nd is user2 can see only 2 specific instances

user 2 and 3 can only see which they are configured to.

how can we implement this??

richgalloway · ‎01-17-2018

Put the logs from the restricted instances into separate indexes. Secure the indexes so 1st user can read all of them, but users 2 and 3 can only read their respective index.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎01-17-2018

Put the logs from the restricted instances into separate indexes. Secure the indexes so 1st user can read all of them, but users 2 and 3 can only read their respective index.

---
If this reply helps you, Karma would be appreciated.

can we restrict the access in splunk

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Are you a member of the Splunk Community?

can we restrict the access in splunk

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions