Splunk Search

Search-App Activity-DropDown-System-Activity only viewable by Administrator

t9445
Path Finder

Hi, this is likely a noon question

In V6, "Search & Reporting" App - the menu-bar contains an "Activity" drop-down (far right next to "help"), if we are logged in as Administrator then within the "Activity" drop-down is "System Activity", otherwise it just contains "Jobs" and "Triggered Alerts"

The ability to access the Sub-Menu "Activity" (which contains essentially a great subset of the deployment-monitor/SOS apps) is only visible for the Admin user, what role-permission(s) or tweaks do we need to set on other roles (without inheriting admin directly) should we set to make that sub-menu visible please?

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

The "System Activity" link points to the status_index view in the search app, which by default is only visible for the admin role. You can of course change that and add other roles - make sure to make all linked pages visible as well though. Additionally, those views are going to look inside the _internal index, so that role must be able to search that as well.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Concerning #1 - as I've said in the answer, that role must be able to search the _internal index. If your role cannot do that then you need to allow that role to search it, or give the users a second role that does nothing other than allow them to search _internal.

Concerning #2 - yeah, the menu will not magically appear. However, you can drop a link to the status_index view in the regular navigation for your apps. They'll be able to use the view despite not being able to see the dropdown menu.

0 Karma

t9445
Path Finder

Hi, this does not appear to work?

  1. The user-group does have access to _internal (e.g. can run "index=_internal" queries etc) – and the user in question is a member of “other_group” (see below please).

  2. Have setup permissions to allow the user-group to have full r/w access to [views/status_index], even restarted the search-head – the user group in question cannot see the dropdown-menu still?

e.g. in /etc/apps/search/metadata/local.meta

==

[views/status_index]
access = read : [ admin, other_group ], write : [ admin, other_group ]

==

Appreciate any further advice.

Thanks

0 Karma
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...