Hi All,
Currently, I possess Splunk Cloud Environment.
Currently, I am facing Search restriction to specific index issue.
Issue details are as below:
- I have created a local user ("user_app1") on Splunk cloud (Splunk Authentication)
- Created a role (test_role_app1) and mapped it to app "test_app1"
- I have added "user" role from Available roles for this created role.
- I have set Available indexes to "index_app1" specific to this app.
- I have set Available search indexes to "index_app1" which is specific to this app ("test_app1")
- Saved it.
- I have created a local user on Splunk cloud ("user_app1")
In the Available Roles, I have selected "test_role_app1" created above and saved it.
Now, I login to SPlunk cloud with local user credentials ("user_app1")
When, I search the indexed data of another index ("index_app2"), I can still search the log data specific to this index.
How can I restrict the index data such that I can search the log data specific to "index_app1" only.
Kindly guide me on this, if I am missing any steps in restricting the log data to "index_app1",
thanks, Santosh
