Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

System eventtypes "internal_search_terms", "splunkd-access", "splunkd-log"

kandersen
New Member
‎04-27-2018 02:39 AM

Hello, I want to limit the access for some external users to all eventtypes.

There are 3 system-default-eventtypes remaining: "internal_search_terms", "splunkd-access", "splunkd-log".
The privileges of these 3 seems to be not changeable.
What are the purpose of these?
And how could I block them for specific users?

0 Karma
Reply

janispelss
Path Finder
‎04-27-2018 06:05 AM

Seems that those are eventtypes that only apply to Splunk's internal events. So if the users you want to restrict don't have the access to the internal indexes (and they probably shouldn't), they won't be able to use the eventtypes, even though they can see the definitions.

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...