Deployment Architecture

Permissions on CLI to execute splunk add monitor

dchang
New Member

Hi, We deploy forwarders to provide data to Splunk indexers. Whom is permitted to run the command "splunk add monitor"? Is it only the splunk user that installed the agent/forwarder?

If I wanted to permit others to add new monitors to the splunk forwarder can I do so?

Thanks, Dennis

0 Karma

dwaddle
SplunkTrust
SplunkTrust

To use the CLI command you need a Splunk login (not an operating system login) that has the Splunk admin role. How this nets out depends on some things - you can configure LDAP authentication (even for your forwarders) and let them centrally authenticate / authorize that way. Or, you can use the default admin account and whatever password you set for it. You could also add a Splunk user just for this purpose.

Alternately, splunk add monitor will eventually end up changing an inputs.conf config file. You could configure filesystem permissions to allow others to access this file, and they could edit it as necessary to add new monitor inputs.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...