- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Anonymous users access to their data and view.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anonymous users access to their data and view.
I am not sure if this is feasible and done before.
We have anonymous users, each have their own sensors which generate temperature and humidity. Can we setup splunk so that each users data can be sent and then displayed as line graph or ring graph. Each sensor has a unique id, and we can send the temp and humidity value along with it, can we display the view based on the sensor unique id?
Thank you in advance,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It depends what is "Anonymous" here? If the user wants to see the data, then he is not anonymous any more since they need username/password for splunk.
One of the recommended ways is to have separate index for each sensor or user and then send the data to respective indexes. The user then will be able to see only those indexes which he has access(controlled with roles). In this way, just one view should be enough to visualize the data.
If you, as an admin wants to see the data per sensor, you can create a drop down box with sensors listed and then write SPL with token enabled from this box.
If your requirement can not be implemented with the above options, please explain it detail and someone will be able to help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have seen that we can create guest/read only logins. This would be fine for us.
Can the indexes be created dynamically based on sensor id? , can we pass the sensor id along with credentials and direct to a view with that particular index? In our system we have the data for all sensors, can we iframe the view and pass the credentials along with the sensor id to show the view?
We understand if someone gets hold of the sensor id for others they can see the view they don't own, it doesn't have to be secure for the first phase.
Is there a better approach in Splunk to authenticate using existing portals and dynamic sensors?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk needs an index to store the data and it should be available before you forward the data. To create index dynamically you need a program/logic other than forwarder in front of the indexer and then based on the event - create an index and then forward the index. For eg: one of your sensor data receiver module can do this if it can connect to splunk using splunk REST API and the roles can also be assigned
sensor data -> your receiver --->(sub process to create index based on sensor id) -> forward the data to indexer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Renjith, sounds like the thing we need to try. Do you have any example of the rest call to create the index dynamically?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reference :
docs.splunk.com/Documentation/Splunk/6.1.10/RESTAPI/RESTindex#POST_data.2Findexes
http://docs.splunk.com/Documentation/Splunk/6.4.0/RESTUM/RESTusing
http://docs.splunk.com/Documentation/Splunk/6.4.0/RESTUM/RESTusing
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
