Security

Search head pooling and authorize.conf

echalex
Builder

Hi,

I'm wondering how Splunk (4.3.x) deals with new roles created through the GUI. Since they're located in etc/system, I suppose you have to distribute any changes by yourself, or is there a way to automate this?

1 Solution

echalex
Builder

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

View solution in original post

0 Karma

rmorlen
Splunk Employee
Splunk Employee

That is how we handle authorize.conf. We have the common (shareable) information in a "splunk_system" app and the server specific information in $SPLUNK_HOME/etc/system/local. We do this for all the $SPLUNK_HOME/etc/system/local config files.

0 Karma

echalex
Builder

Maybe I should've searched better, but hopefully the link to the doc is useful to you. 🙂

0 Karma

echalex
Builder

Answering my own question, this situation has been documented.
(5.0.2, 4.3.5)

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

I'm in a similar situation, but on 5.0.1. I'd love to see the solution as well.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...