Splunk Enterprise Security

Is there a supported and easy way to exclude Splunk's internal logs from the access_center in Splunk ES?

daniel333
Builder

All,

Is there a supported and easy way to exclude Splunk's internal logs from the access_center in Splunk ES? Possible to just block reading the hidden indexes?

0 Karma

jneighbors_splu
Splunk Employee

You can just modify the searches for the dashboards to not include the _internal index. This can be done in the dashboard panels themselves or in the xml.

I believe the following doc should have the info you would need for this.

http://docs.splunk.com/Documentation/Splunk/7.0.3/Viz/DashboardEditor

0 Karma

deepashri_123
Motivator

Hey daniel333,

Is there any particular reason for this?
You can disable internal indexes for specific roles.
You can refer to this doc:
https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Aboutusersandroles

Let me know if this helps!!

0 Karma
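
The role-based restriction suggested in the last reply, sketched as an `authorize.conf` fragment. This is an added example, not configuration posted by anyone in the thread; the role names are hypothetical, and `srchIndexesAllowed`, `srchIndexesDefault` and `importRoles` are the standard role settings.

```ini
# authorize.conf: added example; role names are hypothetical

# Before: the role can search internal indexes (_internal, _audit, ...)
# because "_*" is in its allowed list.
[role_es_viewer_before]
importRoles = user
srchIndexesAllowed = *;_*
srchIndexesDefault = main

# After: "*" matches only non-internal indexes, so indexes whose names
# start with "_" are not searchable by this role.
[role_es_viewer_after]
importRoles = user
srchIndexesAllowed = *
srchIndexesDefault = main

# Index access is cumulative across roles: if any role listed in
# importRoles, or any other role assigned to the same user, allows "_*",
# that user can still search the internal indexes.
```

Check the effective index list for a user after the change, since an inherited role can silently re-grant access to the internal indexes.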