Hi everyone,
I was wondering which is the best practice to follow to not allow everyone to see the Splunk alerts and the Splunk reports.
I created 50 alerts that are running as admin, and they are global. I need them to run on all the data, but I don't want all the users able to see them.
I also created 2 users with restrictions on the access, so that they shouldn't be able to see the alerts and the reports.
Is there a best practice to follow in a situation when you want to limit everyone from seeing the searches?
Hi mate
According to Splunk, the best practice would be to play with permissions of the knowledge objects and setting up user roles.
http://docs.splunk.com/Documentation/Splunk/6.3.3/Security/SecuringaccessforSplunkknowledgeobjects