Bulk import users?

stefanlasiewski
Contributor

I am using Splunk with SSO (Shibboleth) for authentication. Unfortunately, I still need to create a Splunk user for every user coming in through SSO.

How can I bulk import users into Splunk, preferably from the command line?

  • There is a file named $SPLUNK_HOME/etc/passwd. I have added users to this file, but they don't appear in the web interface under http://splunk.example.org/en-US/manager/launcher/authentication/users . In addition, Splunk removes users from this file periodically.

  • There is also the command $SPLUNK_HOME/bin/splunk import userdata -dir /tmp/export.dat, but there is almost no documentation about this feature, and I cannot find anything which describes the format of export.dat. It looks as if this feature is really intended to export userdata from Splunk and import it to another Splunk instance, which is not what I am trying to do.

0 Karma
1 Solution

stefanlasiewski
Contributor

Well, in the end I just ended up doing a loop like:

for USER in $USERLIST
do
    $SPLUNK_HOME/bin/splunk add user ${USER}@example.org -password jibberish
done

Not quite a bulk import, but it gets the job done.


0 Karma

premg
Engager

Hi,
We have a scenario like one deployment server and two search heads. Can we bulk load the users from the deployment server for the search heads?

0 Karma

ChrisG
Splunk Employee

Have you tried adding users using a script with the CLI (import userdata)?

ChrisG
Splunk Employee

Oh look, yes you did. Not sure how I missed that, sorry!

0 Karma

stefanlasiewski
Contributor

Yes I have, which is why I mentioned import userdata in my question.

0 Karma

ithangasamy_spl
Splunk Employee

It is the authz that requires the user to be available in Splunk. You can work around this by either

  • creating an LDAP strategy pointing to your Shibboleth identity store, if it is LDAP, or
  • duplicating the Shibboleth user identities in Splunk with proper role mapping.

I use a script like this to create local Splunk users:

#!/bin/sh
# $1 selects the action: "add", "del", or anything else for add + login test + delete.
FILE=$HOME/scripts/uids.txt   # one username per line
ACTION=$1

# Create a local user whose password equals the username, with the admin role.
user_add()
{
    line1=$1
    curl -k -u admin:changeme -X POST -d "name=$line1&password=$line1&roles=admin" https://localhost:8089/services/authentication/users
    #curl -k -u admin:changeme -X POST -d "name=$line1&password=$line1&roles=splunk_role_edit_tcp" https://localhost:8089/services/authentication/users
    echo "Creating User $line1"
    return 0
}

# Delete a local user.
user_del()
{
    line1=$1
    curl -k -u admin:changeme -X DELETE "https://localhost:8089/services/authentication/users/$line1"
    echo "Deleting User $line1"
    return 0
}

# Check that the new user can log in with its username as password.
user_auth()
{
    line1=$1
    curl -k -X POST -d "username=$line1&password=$line1" https://localhost:8089/services/auth/login
    echo "Authenticating User $line1"
    return 0
}

# Apply the chosen action to every username in $FILE.
while read -r line
do
    if [ "$ACTION" = "add" ]
    then
        user_add "$line"
    elif [ "$ACTION" = "del" ]
    then
        user_del "$line"
    else
        user_add "$line"
        user_auth "$line"
        user_del "$line"
    fi
done < "$FILE"

My uids.txt is something like this (I use the same uid/pwd, but you get the point):

Lewis_User0
Cesar_User1
Mark_User2
James_User3

hope this helps
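
A variant of the two creation loops in this thread, added here as an example and not taken from any poster: it assumes the local password is never used because logins arrive through SSO, so each account gets a random password that is discarded, plus a non-admin role. The environment variable names, the CA bundle path and the `user` role default are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: SPLUNK_URI, SPLUNK_ADMIN,
# SPLUNK_ADMIN_PW, SPLUNK_CACERT, SSO_ROLE, DRY_RUN; "user" is Splunk's built-in
# non-admin role.
SPLUNK_URI=${SPLUNK_URI:-https://localhost:8089}
SSO_ROLE=${SSO_ROLE:-user}

# Accept only characters that cannot add a second field to the form body.
valid_username() {
    case $1 in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# 48 hex characters from /dev/urandom; used once and never stored.
random_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Create one placeholder account; with DRY_RUN=1 only print the request.
create_user() {
    user=$1
    valid_username "$user" || { echo "skipping invalid name: $user" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "POST $SPLUNK_URI/services/authentication/users name=$user roles=$SSO_ROLE"
        return 0
    fi
    # The whole request goes to curl as a config file on stdin (-K -), so neither
    # password shows up in the process list. Assumes the admin password has no " or \.
    printf '%s\n' "user = \"$SPLUNK_ADMIN:$SPLUNK_ADMIN_PW\"" \
        "data-urlencode = \"name=$user\"" \
        "data-urlencode = \"password=$(random_password)\"" \
        "data-urlencode = \"roles=$SSO_ROLE\"" |
        curl -sS --fail -o /dev/null --cacert "$SPLUNK_CACERT" -K - \
             "$SPLUNK_URI/services/authentication/users"
}

# Read one username per line from file $1; print "<created> <skipped-or-failed>".
bulk_create() {
    ok=0 bad=0
    while IFS= read -r u || [ -n "$u" ]; do
        [ -n "$u" ] || continue
        if create_user "$u" >&2; then ok=$((ok + 1)); else bad=$((bad + 1)); fi
    done < "$1"
    echo "$ok $bad"
}

if [ -n "${1:-}" ]; then bulk_create "$1"; fi
```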
