Hi,
I am using a search head cluster on 6.4.1. I have a customer who created a dashboard, but for some reason, can't modify the permissions. (Different issue). When I investigated and logged into one of the search heads in that cluster, his account was not there. Are these immediately created, or only created when the individual actually logs into that server (we are using a load balancer across 8 servers)?
In modern (6.5+) versions of Splunk, local users (via the $SPLUNK_HOME/etc/passwd file) are synced between SHC members. When the new user is created, the user directory for the user ($SPLUNK_HOME/etc/users). This will permit the user's dashboard to replicate (it would live in $SPLUNK_HOME/etc/users/<app>/local/data/ui/views/<dashboard_name>.xml).
If you're seeing other behavior, it might be that 6.4 didn't (yet) support that.
They should get replicated in other SHC members, as long as the user is creating Splunk objects via Splunk Web, CLI or REST API endpoints.
What is the authentication method you are using? Is it LDAP or Local? Local accounts are not replicated.
LDAP. And I thought that I read in 6.4, local accounts are replicated.
Sorry, I take that back. Overlooked.. 6.4.. not there yet 🙂