Splunk Dev

Bulk import users?

stefanlasiewski
Contributor

I am using Splunk with SSO (Shibboleth) for authentication. Unfortunately, I still need to create a Splunk user for every user coming in through SSO.

How can I bulk import users into Splunk, preferably from the command line?

  • There is a file named $SPLUNK_HOME/etc/passwd. I have added users to this file, but they don't appear in the web interface under http://splunk.example.org/en-US/manager/launcher/authentication/users . In addition, Splunk removes users from this file periodically.

  • The command $SPLUNK_HOME/bin/splunk import userdata -dir /tmp/export.dat, but there is almost no documentation about this feature, and I cannot find anything which describes the format of export.dat . It looks as if this feature is really intended to export userdata from Splunk and import it to another Splunk instance, which is not what I am trying to do.

Tags (1)
0 Karma
1 Solution

stefanlasiewski
Contributor

Well, in the end I just ended up doing a loop like:

for USER in $USERLIST
do
    $SPLUNK_HOME/bin/splunk add user ${USER}@example.org -password jibberish
done

Not quite a bulk import, but it gets the job done.

View solution in original post

0 Karma

stefanlasiewski
Contributor

Well, in the end I just ended up doing a loop like:

for USER in $USERLIST
do
    $SPLUNK_HOME/bin/splunk add user ${USER}@example.org -password jibberish
done

Not quite a bulk import, but it gets the job done.

0 Karma

premg
Engager

Hi,
We have a scenario like one deployment server and two search heads. Can we bulk load the users from deployment servers for the searchheads?

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Have you tried adding users using a script with the CLI (import userdata)?

ChrisG
Splunk Employee
Splunk Employee

Oh look, yes you did. Not sure how I missed that, sorry!

0 Karma

stefanlasiewski
Contributor

Yes I have, which is why I mentioned import userdata in my question.

0 Karma

ithangasamy_spl
Splunk Employee
Splunk Employee

It is the authz that require the user to be available in splunk, you can workaround by either
creating a LDAP strategy pointing to your Shibboleth identity store if it is LDAP.
or
duplicating the Shibboleth user identities in the Splunk with proper role mapping
I use a script like this to create a local splunk users

#!/bin/sh
FILE=$HOME/scripts/uids.txt
ACTION=$1

user_add()
{
line1=$1
curl -k  -u admin:changeme -X POST -d "name=$line&password=$line&roles=admin" https://localhost:8089/services/authentication/users
#curl -k  -u admin:changeme -X POST -d "name=$line&password=$line&roles=splunk_role_edit_tcp" https://localhost:8089/services/authentication/users
 echo "Creating User $line"
return 0
}
user_del()
{
line1=$1
curl -k  -u admin:changeme -X DELETE https://localhost:8089/services/authentication/users/$line1
 echo "Deleting User $line"
return 0
}
user_auth()
{
line1=$1
curl -k -X POST -d "username=$line1&password=$line1" https://localhost:8089/services/auth/login
 echo "Authenticating User $line"
return 0
}

cat $FILE|while read line
do
if [ $ACTION = "add" ]
then
 user_add $line
elif [ $ACTION = "del" ]
then
 user_del $line
else
 user_add $line
 user_auth $line
 user_del $line
fi
done 

my uids.txt is something like, I use uid/pwd same but you get the point


Lewis_User0
Cesar_User1
Mark_User2
James_User3

hope this helps

Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...