Security

Search head pooling and authorize.conf

echalex
Builder

Hi,

I'm wondering how Splunk (4.3.x) deals with new roles created through the GUI. Since they're located in etc/system, I suppose you have to distribute any changes by yourself, or is there a way to automate this?

1 Solution

echalex
Builder

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

View solution in original post

0 Karma

rmorlen
Splunk Employee
Splunk Employee

That is how we handle authorize.conf. We have the common (shareable) information in a "splunk_system" app and the server specific information in $SPLUNK_HOME/etc/system/local. We do this for all the $SPLUNK_HOME/etc/system/local config files.

0 Karma

echalex
Builder

Maybe I should've searched better, but hopefully the link to the doc is useful to you. 🙂

0 Karma

echalex
Builder

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

I'm in a similar situation, but on 5.0.1. I'd love to see the solution as well.

Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...