Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Defining new user in a new role with access to a specific index, does not show results

MoienABO
Loves-to-Learn Lots
‎12-05-2022 11:45 PM

Hi splunkers,

I've defined a new role and check all capabilities for that but just access to a specific index. when i search in that index, it doesn't show any results for me. With another user and another role i can search in that index. Something wired is when i change the user role to for example "user", the search results shown. is there a limit in number of roles can be defined in splunk? How can i troubleshoot these kindes of permissions in splunk logs?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

MoienABO
Loves-to-Learn Lots
‎12-07-2022 12:25 AM

Thanks for your answer

all capabilities for that role are checked and in "indexes" section, cisco-asa, cisco-devices, cisco-ise, dhcp, fortigate and waf are checked. Here is a picture of authorize.conf:

Capture.PNG

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-07-2022 05:27 AM

And which index is the one you're trying to access and can't?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

MoienABO
Loves-to-Learn Lots
‎12-07-2022 05:56 AM

All of indexes listed above

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-06-2022 06:34 AM

The number of roles defined is not the issue.  Either the role or the user is defined incorrectly.  Please share the settings for the role, in particular the "indexes" tab.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...