Hi @adminp4l ,
I'll try to answer your questions:
2. How can we search individual projects in Splunk, meaning each project owner only has access to, or visibility of, their particular projects?
What do you mean with "Projects"?
3. Does all logging happen on the server where we host our applications?
Splunk logs every action on the system in the _audit and _internal indexes.
4. Duration for maintaining all logs. Do we get logs for the last 1 year? I can see up to 30 days in the filter option.
If you're speaking of Splunk on premise, you can define the retention of your logs by yourself, but remember that you have to do a Capacity Plan to define the storage requirements for a retention of one year.
If instead you're speaking of Splunk Cloud, the default retention is 90 days but you can buy a longer retention.
About filters, to my knowledge, it isn't possible to limit the filtering period, but you can delete the default filter options greater than 30 days; this doesn't limit the possibility of manually setting a greater search period.
5. Cost for the subscription which includes support.
About costs, they depend on the volume of your logs: you pay a license for the daily indexed logs.
You have to define your usual log volume and buy a license for it; you can exceed this value 45 times in the last 60 days, so you have to make a punctual Capacity Plan for your license.
For the cost, you have to ask your Splunk partner, who asks the local distributor.
Here you can find more infos:
On the Internet there is also this site, but I'm not sure that it's an official Splunk site: https://splunkpricing.com/
Some months ago there was an official Splunk prices page, but now it's no longer there.
Which topic are you speaking of?
You can find a Tutorial for the SQL (the search language of Splunk) at https://docs.splunk.com/Documentation/Splunk/8.2.0/SearchTutorial/WelcometotheSearchTutorial
You can find free courses about Splunk fundamentals and architecture at https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html and https://www.splunk.com/en_us/training/free-courses/splunk-infastructure-overview.html
Then you can find many videos on YouTube.
I am using Splunk Enterprise and looking for how to configure it so that only the respective team members have access to their own projects, not other projects.
It would be very helpful if you could provide any tutorials for creating multiple project logs with access permissions in one login itself.
As you can see at https://docs.splunk.com/Documentation/Splunk/8.2.0/Admin/Aboutusersandroles, the steps to configure access grants to apps are something like this (with only local users):
In this way you're sure that each user can access only the needed Apps, Functions and Indexes.
Probably this video will help you https://www.youtube.com/watch?v=A4IRcdSKmys
If you use Active Directory or SAML for authentication, the procedure is the same for role creation and different for the user / role association, as you can see at https://docs.splunk.com/Documentation/Splunk/8.2.0/InheritedDeployment/Usersrolesandauthentication
We have created different user roles. But each user is able to view all project logs. Can we restrict these users from viewing other project logs?
It would be much appreciated if you could share the settings for the view permission to restrict viewing of other projects.
First, check the enabled indexes for each role: you have to give each role access only to the requested indexes.
Then you have to check if there's some "Inheritance", because in this case the role takes the grants of the inherited role.
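
The two checks in the last answer (indexes enabled per role, then inheritance) can be automated; the following is an added example, not part of the thread. It assumes one merged `authorize.conf` text and one index per project, and all role and index names are hypothetical.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample authorize.conf; role and index names are hypothetical.
SAMPLE_CONF = """
[role_user]
srchIndexesAllowed = *
[role_project_a]
srchIndexesAllowed = proj_a
[role_project_b]
importRoles = user
srchIndexesAllowed = proj_b
"""

def _split(value):
    return [item.strip() for item in value.split(";") if item.strip()]

def load_roles(text):
    """Parse authorize.conf text into {role: {setting: [values]}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the camelCase setting names
    cp.read_string(text)
    return {s[len("role_"):]: {k: _split(v) for k, v in cp[s].items()}
            for s in cp.sections() if s.startswith("role_")}

def effective_indexes(roles, name, seen=None):
    """Own srchIndexesAllowed plus everything inherited through importRoles."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    allowed = set(roles[name].get("srchIndexesAllowed", []))
    for parent in roles[name].get("importRoles", []):
        allowed |= effective_indexes(roles, parent, seen)
    return allowed

def audit(roles, expected):
    """Map each role to the effective patterns that match another project's index."""
    every = {i for idxs in expected.values() for i in idxs}
    findings = {}
    for role, own in expected.items():
        foreign = every - set(own)
        extra = sorted(p for p in effective_indexes(roles, role)
                       if any(fnmatchcase(i, p) for i in foreign))
        if extra:
            findings[role] = extra
    return findings

EXPECTED = {"project_a": ["proj_a"], "project_b": ["proj_b"]}  # hypothetical mapping
print(audit(load_roles(SAMPLE_CONF), EXPECTED))
```

Here `project_b` is flagged because it imports a role that allows `*`, while `project_a` sees only its own index.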