- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Regarding Federated search:
- Is the only authentication option username and password? We use SSO on the remote search head (LDAP/Reverse Proxy) which would be preferable.
- Why do you need to explicitly define each remote index on the FSH? Why don’t Splunk allow you to enable all indexes and save the effort of having the maintain the list
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @jonaclough,
For the first question, you'll have to use the username and password combination only for connecting to the remote search head. You can use a service account user created for federated search activities.
For second question, I believe it is good to have one to one mapping for index from a security point of view. Not all indexes are required to be allowed/searched on the federated search. Only the required ones as per the use cases can be added.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can i use federated search between different versions splunk?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @nejmeddine ,
Federated search can work on different Splunk versions as far as backward compatibility meets. You can find the same on the document below:
- Hope this helps..!! 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @jonaclough,
For the first question, you'll have to use the username and password combination only for connecting to the remote search head. You can use a service account user created for federated search activities.
For second question, I believe it is good to have one to one mapping for index from a security point of view. Not all indexes are required to be allowed/searched on the federated search. Only the required ones as per the use cases can be added.