I am using Splunk with SSO (Shibboleth) for authentication. Unfortunately, I still need to create a Splunk user for every user coming in through SSO.
How can I bulk import users into Splunk, preferably from the command line?
There is a file named $SPLUNK_HOME/etc/passwd. I have added users to this file, but they don't appear in the web interface under http://splunk.example.org/en-US/manager/launcher/authentication/users. In addition, Splunk removes users from this file periodically.
There is also the command $SPLUNK_HOME/bin/splunk import userdata -dir /tmp/export.dat, but there is almost no documentation about this feature, and I cannot find anything that describes the format of export.dat. It looks as if this feature is really intended to export userdata from Splunk and import it to another Splunk instance, which is not what I am trying to do.
Well, in the end I just ended up doing a loop like:

    for USER in $USERLIST
    do
        "$SPLUNK_HOME/bin/splunk" add user "${USER}@example.org" -password jibberish
    done

Not quite a bulk import, but it gets the job done.
Hi,
We have a scenario with one deployment server and two search heads. Can we bulk load the users from the deployment server for the search heads?
Have you tried adding users using a script with the CLI (import userdata)?
Oh look, yes you did. Not sure how I missed that, sorry!
Yes I have, which is why I mentioned import userdata in my question.
It is the authz that requires the user to be available in Splunk. You can work around this by either
- creating an LDAP strategy pointing to your Shibboleth identity store, if it is LDAP, or
- duplicating the Shibboleth user identities in Splunk with proper role mapping.
I use a script like this to create local Splunk users:

    #!/bin/sh
    # Usage: <script> add|del  (any other value: add, authenticate, then delete each user)
    FILE=$HOME/scripts/uids.txt
    ACTION=$1

    # Create a local user whose password is the same as the uid.
    user_add()
    {
        uid=$1
        curl -k -u admin:changeme -X POST -d "name=$uid&password=$uid&roles=admin" https://localhost:8089/services/authentication/users
        #curl -k -u admin:changeme -X POST -d "name=$uid&password=$uid&roles=splunk_role_edit_tcp" https://localhost:8089/services/authentication/users
        echo "Creating User $uid"
        return 0
    }

    # Delete a local user.
    user_del()
    {
        uid=$1
        curl -k -u admin:changeme -X DELETE "https://localhost:8089/services/authentication/users/$uid"
        echo "Deleting User $uid"
        return 0
    }

    # Log in as the user to check that the account works.
    user_auth()
    {
        uid=$1
        curl -k -X POST -d "username=$uid&password=$uid" https://localhost:8089/services/auth/login
        echo "Authenticating User $uid"
        return 0
    }

    # Process every uid listed in $FILE, one per line.
    while read -r line
    do
        if [ "$ACTION" = "add" ]
        then
            user_add "$line"
        elif [ "$ACTION" = "del" ]
        then
            user_del "$line"
        else
            user_add "$line"
            user_auth "$line"
            user_del "$line"
        fi
    done < "$FILE"

My uids.txt is something like this (I use the same uid/pwd, but you get the point):
Lewis_User0
Cesar_User1
Mark_User2
James_User3
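
A variant of the REST approach from the thread, as an added example that is not part of any of the posts above: it validates each uid, gives every account its own random password, URL-encodes the form fields and keeps the admin credentials off the command line. SPLUNK_URL, SPLUNK_ADMIN, SPLUNK_ADMIN_PW, ROLE and DRY_RUN are assumed names, and the "user" role is an assumed choice.

```shell
#!/bin/sh
# Added example: create local Splunk accounts for SSO users over the REST API.
# Assumed names, not from the thread: SPLUNK_URL, SPLUNK_ADMIN, SPLUNK_ADMIN_PW, ROLE, DRY_RUN.
SPLUNK_URL=${SPLUNK_URL:-https://localhost:8089}
SPLUNK_ADMIN=${SPLUNK_ADMIN:-admin}
ROLE=${ROLE:-user}      # assumption: SSO users get the built-in "user" role
DRY_RUN=${DRY_RUN:-1}   # 1 = only print what would be done, 0 = call the API

# Accept only letters, digits, '.', '_', '-', '@' (1 to 64 characters), so a line
# in the input file cannot add form fields or change the request path.
valid_uid() {
    case $1 in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# 128 random bits as 32 hex characters. SSO users never type this password.
gen_password() {
    od -A n -N 16 -t x1 /dev/urandom | tr -d ' \n'
}

# Create one user. Returns 2 for a rejected uid, otherwise curl's exit status.
add_user() {
    uid=$1
    valid_uid "$uid" || { echo "skipping invalid uid: $uid" >&2; return 2; }
    pw=$(gen_password)
    if [ "$DRY_RUN" = 1 ]; then
        echo "would create $uid role=$ROLE pwlen=${#pw}"
        return 0
    fi
    # Admin credentials reach curl on stdin (-K -), not on the command line.
    # Assumes SPLUNK_ADMIN_PW contains no '"' or '\'. No -k: certificate checks stay on.
    printf 'user = "%s:%s"\n' "$SPLUNK_ADMIN" "$SPLUNK_ADMIN_PW" |
        curl -sS -f -K - -X POST \
            --data-urlencode "name=$uid" \
            --data-urlencode "password=$pw" \
            --data-urlencode "roles=$ROLE" \
            "$SPLUNK_URL/services/authentication/users" >/dev/null
}

# Read uids, one per line, from the file in $1. Exit status = number of failures.
bulk_add() {
    failed=0
    while IFS= read -r uid || [ -n "$uid" ]; do
        [ -n "$uid" ] || continue
        add_user "$uid" || failed=$((failed + 1))
    done < "$1"
    return "$failed"
}
```

Source the file and run `bulk_add uids.txt` to see the dry run; set DRY_RUN=0 and SPLUNK_ADMIN_PW to create the accounts.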