Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search-App Activity-DropDown-System-Activity only viewable by Administrator

t9445
Path Finder
‎01-24-2014 08:01 AM

Hi, this is likely a noon question

In V6, "Search & Reporting" App - the menu-bar contains an "Activity" drop-down (far right next to "help"), if we are logged in as Administrator then within the "Activity" drop-down is "System Activity", otherwise it just contains "Jobs" and "Triggered Alerts"

The ability to access the Sub-Menu "Activity" (which contains essentially a great subset of the deployment-monitor/SOS apps) is only visible for the Admin user, what role-permission(s) or tweaks do we need to set on other roles (without inheriting admin directly) should we set to make that sub-menu visible please?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎01-24-2014 04:35 PM

The "System Activity" link points to the status_index view in the search app, which by default is only visible for the admin role. You can of course change that and add other roles - make sure to make all linked pages visible as well though. Additionally, those views are going to look inside the _internal index, so that role must be able to search that as well.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎01-27-2014 01:56 PM

Concerning #1 - as I've said in the answer, that role must be able to search the _internal index. If your role cannot do that then you need to allow that role to search it, or give the users a second role that does nothing other than allow them to search _internal.

Concerning #2 - yeah, the menu will not magically appear. However, you can drop a link to the status_index view in the regular navigation for your apps. They'll be able to use the view despite not being able to see the dropdown menu.

0 Karma
Reply

t9445
Path Finder
‎01-27-2014 01:08 PM

Hi, this does not appear to work?

  1. The user-group does have access to _internal (e.g. can run "index=_internal" queries etc) – and the user in question is a member of “other_group” (see below please).

  2. Have setup permissions to allow the user-group to have full r/w access to [views/status_index], even restarted the search-head – the user group in question cannot see the dropdown-menu still?

e.g. in /etc/apps/search/metadata/local.meta

==

[views/status_index]
access = read : [ admin, other_group ], write : [ admin, other_group ]

==

Appreciate any further advice.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...