All,
Is there a supported and easy way to exclude Splunk's internal logs from the access_center in Splunk ES? possible to just block reading the hidden indexes?
You can just modify the searches for the dashboards to not include the _internal index. This can be done in the dashboard panels themselves or in the xml.
I believe the following doc should have the info you would need fot this.
http://docs.splunk.com/Documentation/Splunk/7.0.3/Viz/DashboardEditor
Hey daniel333,
Is there any particular reason to this?
You can disable internal indexes for specific roles.
You can refer this doc:
https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Aboutusersandroles
Let me know if this helps!!