grant access to splunk

Mohsin123 · ‎12-07-2017

where to grant access ..in access control ? give me steps
please give me detailed steps on how to gove splunk access with roles

sbbadri · ‎12-07-2017

@Anonymous

There are multiple ways you can authenticate users to splunk.

Below steps for LDAP authentication for Active directory based configuration. for more details check below links,

http://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authenticationconf#authentication.conf.examp...
http://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authorizeconf#authorize.conf.example

$SPLUNK_HOME/etc/system/local/authentication.conf

Sample Configuration for Active Directory (AD)

[authentication]
authSettings = AD
authType = LDAP

[AD]
SSLEnabled = 1
bindDN = ldap_bind@splunksupport.kom
bindDNpassword = ldap_bind_user_password
groupBaseDN = CN=Groups,DC=splunksupport,DC=kom
groupBaseFilter =
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ADbogus.splunksupport.kom
port = 636
realNameAttribute = cn
userBaseDN = CN=Users,DC=splunksupport,DC=kom
userBaseFilter =
userNameAttribute = sAMAccountName
timelimit = 15
network_timeout = 20
anonymous_referrals = 0

[roleMap_AD]
admin = SplunkAdmins
power = SplunkPowerUsers
user = SplunkUsers
new_user = adgroupnewuser;adgroupnewuser1 ### AD group name

$SPLUNK_HOME/etc/system/local/authorize.conf

[role_new_user]
rtsearch = enabled
importRoles = user
srchFilter = host=foo
srchIndexesAllowed = *
srchIndexesDefault = mail;main
srchJobsQuota = 8
rtSrchJobsQuota = 8
srchDiskQuota = 500

I hope this helps

jplumsdaine22 · ‎12-07-2017

Plenty of documentation. Feel free to ask additional questions on any specific issues you get stuck with. https://docs.splunk.com/Documentation/Splunk/latest/Security/UseaccesscontroltosecureSplunkdata