I have the following entry in my $SPLUNK_HOME/etc/system/local/inputs.conf file -- [monitor:///appl/sharp/logs/*.fip] host = trpramprptapp1.vm.itg.corp.us.shldcorp.com sourcetype = sharp_fip index = sharp ignoreOlderThan = 1d the dahsboard that we have is still reindexing all the log files, even thoough we have specified to not index the data older than 1 day. ... View more

Hi, I have created LDAP configuration in our SPLUNK deployment. Version 6.0 DO NOT EDIT THIS FILE! Please make all changes to files in $SPLUNK_HOME/etc/system/local. To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/system/default into ../local and edit there. This file configures authentication. [authentication] authType = LDAP authSettings = SHC Note: the caching specified in this stanza only applies to scripted authentication. If you are using scripted authentication, you can override these cache timing values in your $SPLUNK_HOME/etc/system/local/authentication.conf [SHC] host = XXXXXXXXXXXXXXXXXXXXX port = 389 SSLEnabled = 0 bindDN = anonymous User Configurations realNameAttribute = cn userBaseDN = ou=people,o=intra,dc=sears,dc=com userBaseFilter = (objectclass=*) userNameAttribute = uid Group Configurations groupBaseDN = ou=people,o=intra,dc=sears,dc=com groupBaseFilter = (objectclass=*) groupMappingAttribute = uid groupMemberAttribute = uid groupNameAttribute = uid [roleMap_SHC] admin = lbirnba;pbussie;rsen0;vjaiswa All the users have got added. But they they are not able to login(except for the admin users). I think I need to assign each user to a role before they can login. I am thinking of assigning the "user" role to all users. How do I achieve that without using groups. We do not use groups in our LDAP. ... View more