Solved: user addition issue

ma_anand1984 · ‎08-14-2012

I add users in authentication.conf. I push them to SH. The updated file resides on .../primary/..
But when i reload (which i have to do for some reason), a new copy of authentication.conf is automatically created and is placed in ../etc/system/local/

this system/local copy overrides the one in primary.

Now i have to delete this system/local copy every time i add users to see newly added users in UI.

Is there a way to avoid this step ?

mwhite_splunk · ‎08-14-2012

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

View solution in original post

mwhite_splunk · ‎08-14-2012

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

user addition issue

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation