Do user accounts and and dashboards get replicated...

a212830 · ‎06-06-2016

Hi,

I am using a search head cluster on 6.4.1. I have a customer who created a dashboard, but for some reason, can't modify the permissions. (Different issue). When I investigated and logged into one of the search heads in that cluster, his account was not there. Are these immediately created, or only created when the individual actually logs into that server (we are using a load-balancer across 8 servers).

sowings · ‎03-15-2018

In modern (6.5+) versions of Splunk, local users (via the $SPLUNK_HOME/etc/passwd) file are synced between SHC members. When the new user is created, the user directory for the user ($SPLUNK_HOME/etc/users). This will permit the user's dashboard to replicate (it would live in $SPLUNK_HOME/etc/users/<app>/local/data/ui/views/<dashboard_name>.xml).

If you're seeing other behavior, it might be that 6.4 didn't (yet) support that.

somesoni2 · ‎06-06-2016

They should get replicated in other SHC members, as long as user is creating Splunk object via SPlunk Web, CLI or REST Api Endpoints.

pradeepkumarg · ‎06-06-2016

What is the authentication method you are using? Is it LDAP or Local? local accounts are not replicated.

a212830 · ‎06-06-2016

ldap. And I thought that I read in 6.4, local accounts are replicated.

pradeepkumarg · ‎06-06-2016

Sorry, I take that back. Overlooked.. 6.4.. not there yet 🙂

Do user accounts and and dashboards get replicated in a 6.4.1 search head cluster?

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?