Splunk App for Salesforce: How to configure multiple accounts for different organizations?

splunk_cv
Explorer

Hi, I have to collect logs from multiple orgs with different accounts in my Splunk Enterprise infrastructure. Is there a way to configure the Splunk App for Salesforce with multiple accounts/orgs, or do I have to install different apps (one for every org)?

Thank you
Matteo

splunker288
Explorer

Did you find a way to configure the Salesforce app with multiple accounts?

0 Karma

jkat54
SplunkTrust

If I understand your question... You're interested in knowing how to have a different splunk_ta_windows for each org so each org can have its own settings, for example.

This is an interesting question because some of these TAs feed into larger apps such as the Splunk App for Windows Infrastructure.

Typically in your situation I would recommend different search heads for each organization, and if there are any regulatory issues that might be faced based on one org possibly having access to another org's data, I would recommend completely separate environments.

However, if you're a conglomerate, and you want 10 of your different brands / divisions using Splunk for example, but they each have their own Active Directory / LDAP domains / infrastructure, then I would just create an app for each of them like below:

OrgA_Splunk_TA_windows
OrgB_Splunk_TA_Windows

For each I would create their own roles and LDAP strategies in different apps like below:

OrgA_Base_Auth
OrgB_Base_Auth

Same with indexes, and pretty much everything else.

However, in most cases like this, I think you will find it's still best to have separate infrastructure altogether. We know management loves the idea of "Multitenant" to save costs, but unless you have a seriously strong "big data" focused architecture team, you'll probably fail at engineering this pipe dream.

0 Karma

gcusello
SplunkTrust

Hi splunk_cv,
if you need to grant administrative privileges to people in the two organizations, the best way is to have different Splunk instances for each organization.

If instead they are only users and you maintain the administrative privileges, you can either install a different App for each of them or use the same App, but either way with different indexes, because Splunk access rights to data are given at the index level. So you have to create different indexes for each organization and (if you use the same App) address all the indexes in your App using an eventtype (e.g.: index=index1 OR index=index2) instead of the classic index=myindex.

Bye.
Giuseppe

0 Karma
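
Since the answers above rely on per-organization indexes and roles for separation, the setup can be checked mechanically. The following is an added example, not part of any post in this thread: it parses a constructed authorize.conf and reports roles that can search another organization's index, including access inherited through importRoles. Role names, index names and the ownership maps are hypothetical, and Splunk's index wildcard matching is approximated with fnmatch.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed authorize.conf sample; role and index names are hypothetical.
SAMPLE_AUTHORIZE = """
[role_orga_user]
srchIndexesAllowed = orga_salesforce
srchIndexesDefault = orga_salesforce

[role_orgb_user]
importRoles = user
srchIndexesAllowed = orgb_salesforce

[role_user]
srchIndexesAllowed = *
"""

# Constructed ownership maps: which org owns each index, which org each role serves.
INDEX_OWNER = {"orga_salesforce": "orga", "orgb_salesforce": "orgb"}
ROLE_ORG = {"orga_user": "orga", "orgb_user": "orgb"}


def effective_indexes(roles, name, seen=None):
    """Index patterns a role may search, including those inherited via importRoles."""
    seen = seen or set()
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    sect = roles[name]
    # Both settings are semicolon-separated lists in authorize.conf.
    pats = {p.strip() for p in sect.get("srchIndexesAllowed", "").split(";") if p.strip()}
    for parent in sect.get("importRoles", "").split(";"):
        pats |= effective_indexes(roles, parent.strip(), seen)
    return pats


def cross_org_access(conf_text, role_org, index_owner):
    """Return (role, index) pairs where a role can search another org's index."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(conf_text)
    roles = {s[len("role_"):]: cp[s] for s in cp.sections() if s.startswith("role_")}
    findings = []
    for role, org in sorted(role_org.items()):
        pats = effective_indexes(roles, role)
        for index, owner in sorted(index_owner.items()):
            if owner != org and any(fnmatchcase(index, p) for p in pats):
                findings.append((role, index))
    return findings
```

On the sample, `cross_org_access(SAMPLE_AUTHORIZE, ROLE_ORG, INDEX_OWNER)` flags `orgb_user`, because the role it imports carries a wildcard in `srchIndexesAllowed`.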