I think one of the biggest security problems concerns the search terms, because all searches would become visible. For example, if an admin is doing some searches and during the course of that they click on a particular social security number in the UI, that becomes a search, so the number of course appears in searches.log and now all the regular users can see that number.
So if there are any indexes that only users with special roles can search, you're leaving a bit of a hole. On the other hand, if there are no such indexes in your system, this particular problem disappears.
I can't think of much that's left. Traffic analysis and maybe search term analysis on what the other Splunk users are searching for.