Splunk Enterprise

REST Authentication to IDX Cluster Peer

TheEggi98
Path Finder

Hi,
i have a question on Authenticating to IDX Cluster Peer via REST.

We have the following Environment:
3 IDX in Cluster
3 SH in Cluster
1 CM (License Manager, IDX Cluster Manager, Deployer & Deploymentserver)

Our normal Authentication for Web is currently with LDAP.

With my LDAP-User i can directly perform a GET request to an Indexer, but with a local User created over WebUI (tried local user in SHC and on CM) i cant perform any request to an indexer. 

The WebUI is disabled on the Indexers and they dont have the LDAP Configuration as the Searchheads does.

How does it come, that the Indexer know my LDAP User but not the locally created?

And how can i let the indexers to get to know a locally on SH or CM created user?

Labels (3)
0 Karma
1 Solution

PickleRick
SplunkTrust
SplunkTrust

Each component has its own authentication settings (in case of search head cluster they are either pushed from deployer to all members or configured in run-time and distributed among members). So it's only natural that you can't authenticate to indexer using SH user.

If you can authenticate on your indexer it means someone needlessly pushed LDAP configuration to indexer layer (users don't interact with indexers directly!).

View solution in original post

TheEggi98
Path Finder

Thank you, found the authentication.conf with LDAP Configuration on our indexers

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Each component has its own authentication settings (in case of search head cluster they are either pushed from deployer to all members or configured in run-time and distributed among members). So it's only natural that you can't authenticate to indexer using SH user.

If you can authenticate on your indexer it means someone needlessly pushed LDAP configuration to indexer layer (users don't interact with indexers directly!).

Get Updates on the Splunk Community!

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...