Hi there, Looking into /opt/splunk/etc/system/local/authorize.conf I saw alot of configurations as below. Would like to understand how this came about, and is it of any concern? t...
...herefore, I have edited authorize.conf on each member. I am using srchIndexesDisallowed. An account with role_user_a should only be able to search index_a. The c...
Hello guys,
is it OK to use srchMaxTime = 9000, it looks like it does 9000 seconds?
In authorize.conf doc it asks for srchMaxTime = <integer><unit>
We use Splunk Enterprise 7.1...
Is the Order in a Stanza in the authorize.conf important? Is it possible to change the example from the documantation to
[role_ninja]
rtsearch = enabled
importRoles = user
s...
We are using v8.0.4 of Splunk Enterpise. In our authorize.conf I see roles are disabled. Examples: [role_sec_power_user] disabled = true [role_sec_admin_user] disabled = true [r...
On the deployer server we have the authorize.conf under /opt/splunk/etc/shcluster/apps/key_all_authentication/local and on the search heads we ended up having authorize.conf under etc/system/l...
Hi All,
I was wondering if someone could provide a search string that would list Users present within my Splunk Cloud instance, along with assigned "capabilities".
Kind regards,
Mike
Hi all, I have an authorize.conf located in an application, which is usually deployed via Deployer to SH members. There is also an authorize.conf at our system/local directory ( Created by GUI)....
Hi,
I'm wondering how Splunk (4.3.x) deals with new roles created through the GUI. Since they're located in etc/system, I suppose you have to distribute any changes by yourself, or is there a way ...
I have users getting the "maximum disk usage quota has been reached" message and from other questions and answers I see I need to increase the srchDiskQuota setting in the authorize.conf file....