Security

Where is the file for access control stored in Splunk Cloud?

namrithadeepak
Path Finder

Hi,

Purely for informational purposes, I would like to know where the file for access control is stored in Splunk Cloud.

Is it stored on the forwarder, indexer, or the search head? If I install a new component (Forwarder, indexer or search head), is it my responsibility to copy this file over to the new component?

I also have Splunk installed on my local machine (for personal use), can I view it then?

Thanks in advance!!

0 Karma
1 Solution

lguinn2
Legend

I don't know exactly what you mean by "access control." There are several files that Splunk uses to determine who can login, their passwords and their roles. For your local machine, you will find this in $SPLUNK_HOME/etc/passwd and in authorize.conf. You may also have configuration files that allow users to login to Splunk with LDAP credentials, etc.

/etc/passwd must exist on all Splunk instances. Other configuration files generally exist only where users login. Usually that is the search head.

You cannot access any of the configuration files directly in Splunk Cloud.

View solution in original post

lguinn2
Legend

I don't know exactly what you mean by "access control." There are several files that Splunk uses to determine who can login, their passwords and their roles. For your local machine, you will find this in $SPLUNK_HOME/etc/passwd and in authorize.conf. You may also have configuration files that allow users to login to Splunk with LDAP credentials, etc.

/etc/passwd must exist on all Splunk instances. Other configuration files generally exist only where users login. Usually that is the search head.

You cannot access any of the configuration files directly in Splunk Cloud.

Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...