I'm seeing the error below under messages in my Splunk enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...
Hi there, Looking into /opt/splunk/etc/system/local/authorize.conf I saw alot of configurations as below. Would like to understand how this came about, and is it of any concern? t...
I want to set up an organized system of permissions so we can give the right access to the right data and the right Splunk features to the right analysts in my organization. Can I get a sketch of h...
...oes not import role_1 directly)
Does role_3 then have all thecapabilities which were defined in role_1?
Does role_3 then have all the properties (e.g. srchTimeWin) which were defined in role...
Hi
We had a little discussion about splunk architectures and how roles should be designed.
I was wondering if anyone has any hints/best practices to defineroles.
My approach so far was to b...
Do new roles become grantable roles by default in Splunk?
I'm using Splunk 6.4.2.
I have created a delegated admin rolewithone user (say d_admin for instance). Here is its definition, a...
...earched.
Secondly I would like to limit the searches. Can I limit searches that use wildcard in index?
E.g. index=* index=test* index=*test
I am aware that "Access Controls > Roles" has a "R...
I have a mixed *nix and Windows environment and I'm currently collecting the Windows data withtheSplunk Add-on for Microsoft Windows as event data. I want to start using theSplunk App for I...