Solved: Splunk capabilities rol

julian0125 · ‎07-25-2019

Hello Splunkers!

i have a question, i am unable to search on splunk web that's because accidentaly deleted some capabilities on roles. I was able to log in but i cannot do searches or event see the apps, and also cannot enter to the access control option, appears a 500 internal error server. is there a way to resolve this? Thanks

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

View solution in original post

jawaharas · ‎07-26-2019

If your are facing issue with 'admin' user and if you have access to Splunk installation files try below steps.

Navigate to $SPLUNK_HOME\etc\system\local\ path
Rename/delete the file 'authorize.conf' (say authorize.conf.bak)
Restart Splunk instance

julian0125 · ‎07-26-2019

Hey @jawaharas, thank you very much, that works!!

Splunk capabilities rol

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!