Hello, regarding filtering Splunk roles, we would like to only allow transforming commands (stats, timechart...) for users on a specific search head. This search head is not part of the cluster, only querying clustered indexers. The aim is to avoid specific users from accessing raw indexes data, only show statistics. At the moment we use summary indexing in local index by scheduling reports with sistats or sitimechart but it's long and heavy to convert searches. Thanks for your help.
... View more