About yungro

yungro · ‎08-31-2015

You may have logged in using a LDAP account. Make sure to use a local account when making LDAP configuration changes

yungro · ‎04-09-2015

To configure Splunk to ignore inactive account, simply add the userAccountControl as follow in the "User base filter" field: (&(objectCategory=Person)(sAMAccountName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

yungro · ‎03-27-2014

The only way I can think of is to use scripted authentication. You can find more info at http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentication. -Ming

yungro · ‎03-27-2014

We are using LDAP group and then map Splunk role with each LDAP group. Role is assigned to LDAP users by adding them to the appropriate LDAP group. In your case without using LDAP groups, if admin role users can log in then by the same token, you can assign users to Splunk role 'user' as follow under 'roleMap_SHC' stanza: [roleMap_SHC] admin = lbirnba;pbussie;rsen0;vjaiswa user = ; ; Ming

yungro · ‎01-21-2014

How should the outputs.conf be configured with props.conf and transforms.conf configured as above?

yungro · ‎02-13-2012

This works for me too.

Posts	6
Solutions	2
Karma Given	1
Karma Received	3
Member Since	‎11-14-2011

Online Status	Offline
Date Last Visited	‎06-05-2020 02:03 AM

Re: Why am I getting a timeout error in Splunk try...

Re: How can I exclude disabled Active Directory us...

Re: mapping users to role

Re: mapping users to role

Re: Syslog forwarding and rewrite of host

Re: SQL Server ERRORLOG