Security

Grant access to Splunk

Path Finder

Where do I grant access, in Access Control? Give me steps.
Please give me detailed steps on how to give Splunk access with roles.

0 Karma

Motivator

@shraddhamuduli

There are multiple ways you can authenticate users to Splunk.

Below are the steps for LDAP authentication with an Active Directory based configuration. For more details, check the links below:

http://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authenticationconf#authentication.conf.examp...
http://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authorizeconf#authorize.conf.example

$SPLUNK_HOME/etc/system/local/authentication.conf

Sample Configuration for Active Directory (AD)

[authentication]
authSettings = AD
authType = LDAP

[AD]
SSLEnabled = 1
bindDN = ldapbind@splunksupport.kom
bindDNpassword = ldap_bind_user_password
groupBaseDN = CN=Groups,DC=splunksupport,DC=kom
groupBaseFilter =
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = ADbogus.splunksupport.kom
port = 636
realNameAttribute = cn
userBaseDN = CN=Users,DC=splunksupport,DC=kom
userBaseFilter =
userNameAttribute = sAMAccountName
timelimit = 15
network_timeout = 20
anonymous_referrals = 0

[roleMap_AD]
admin = SplunkAdmins
power = SplunkPowerUsers
user = SplunkUsers
# AD group name
new_user = adgroupnewuser;adgroupnewuser1

$SPLUNK_HOME/etc/system/local/authorize.conf

[role_new_user]
rtsearch = enabled
importRoles = user
srchFilter = host=foo
srchIndexesAllowed = *
srchIndexesDefault = mail;main
srchJobsQuota = 8
rtSrchJobsQuota = 8
srchDiskQuota = 500

I hope this helps

0 Karma
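An added example, not part of the original answer and not Splunk's own code: a Python check over the two files described above. It flags role mappings that point at a role with no [role_<name>] stanza, inline "#" text that Splunk would read as part of the value, an LDAP strategy without SSLEnabled = 1, and roles with srchIndexesAllowed = *. The sample input is constructed, and BUILTIN_ROLES, load and audit are names chosen for this example.

```python
import configparser

# Roles shipped with Splunk Enterprise; extend for your deployment (assumption).
BUILTIN_ROLES = {"admin", "power", "user", "can_delete"}

# Constructed sample input, modelled on the configuration in the answer above.
SAMPLE_AUTHN = """
[authentication]
authSettings = AD
authType = LDAP

[AD]
SSLEnabled = 1
host = ADbogus.splunksupport.kom
port = 636

[roleMap_AD]
admin = SplunkAdmins
new_user = adgroupnewuser;adgroupnewuser1 ### AD group name
"""
SAMPLE_AUTHZ = """
[role_newuser]
importRoles = user
srchIndexesAllowed = *
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names case-sensitive, as Splunk does
    cp.read_string(text)
    return cp

def audit(authn_text, authz_text):
    authn, authz = load(authn_text), load(authz_text)
    findings = []
    strategy = authn.get("authentication", "authSettings", fallback="")
    if authn.get(strategy, "SSLEnabled", fallback="0") != "1":
        findings.append(f"[{strategy}] does not enable LDAPS (SSLEnabled = 1)")
    roles = {s[5:] for s in authz.sections() if s.startswith("role_")}
    rolemap = f"roleMap_{strategy}"
    for role, groups in (authn.items(rolemap) if authn.has_section(rolemap) else []):
        if "#" in groups:  # Splunk has no inline comments: the text joins the value
            findings.append(f"inline comment in mapping for '{role}'")
        if role not in roles | BUILTIN_ROLES:
            findings.append(f"mapped role '{role}' has no [role_{role}] stanza")
    for role in sorted(roles):
        if authz.get(f"role_{role}", "srchIndexesAllowed", fallback="") == "*":
            findings.append(f"role '{role}' may search every non-internal index")
    return findings
```

Calling audit(SAMPLE_AUTHN, SAMPLE_AUTHZ) returns three findings for the constructed sample; an empty list means none of these four checks fired.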

Influencer

Plenty of documentation. Feel free to ask additional questions on any specific issues you get stuck with. https://docs.splunk.com/Documentation/Splunk/latest/Security/UseaccesscontroltosecureSplunkdata

0 Karma