Splunk Search

Limit an Apps Search Context

rdevine
Path Finder

I'm hoping to create apps for each of our departments that only allow them to search specific data from splunk. This Document covers how to limit users to a specific app or apps, however, in that app how do I limit what data they can search on. We dump all of our event log data to the same index, so in a perfect world, these would not be per-index limits, but rather masked search terms that prefix their searches.

0 Karma
1 Solution

sdaniels
Splunk Employee
Splunk Employee

In that case you'd probably want to create several roles for the various departments. When you create a role you can have search limitations prepended for that role. Look in Manager > Access Controls > Roles. You can then assign users to that role.

View solution in original post

sdaniels
Splunk Employee
Splunk Employee

In that case you'd probably want to create several roles for the various departments. When you create a role you can have search limitations prepended for that role. Look in Manager > Access Controls > Roles. You can then assign users to that role.

rakesh007
New Member

Can you please tell me how to access the Manager > access controls > roles?

0 Karma

rdevine
Path Finder

This is exactly what i was looking for. Thank you.

0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...