How can I use and centrally manage native Active Directory user accounts to create dedicated admin accounts for Splunk?



I want to create dedicated admin accounts for users so they are not running as admin, except when needed. However our Active Directory team will only issue 1 AD account per user. I thought then, perhaps I can use local/native accounts, but I am not certain how to centrally manage this? I would want the same account on all boxes, same password etc.

We do use puppet config management, but after playing with a test install of Splunk, I don't see the account in a flat file anywhere.

Can someone point me in the right direction on this?

0 Karma


Completely agree with the suggestion to create an AD Group for Splunk admins, and then map the "admin" role in Splunk to that group. When members get added/removed from that group, or de-activates, etc... changes are instantly reflected in Splunk.

0 Karma


/splunk/etc/passwd is the password file for all local accounts. You can always do the setup on one system and then push the file out to all systems. I do not not remember if it will require a restart or if a debug/refresh will solve it.

You can also create an AD group for admins and then map that group to the role.

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!