If everything is configured correctly you should see the appropriate apps appear in
$SPLUNK_HOME/etc/apps/, within a few minutes. To see what is happening, look at
the log $SPLUNK_HOME/var/log/splunk/splunkd.log.
If you have problems, enable debugging on either the client or the server by editing
$SPLUNK_HOME/etc/log.cfg, followed by a restart. Look for the following lines:
category.DeploymentServer=WARN
category.DeploymentClient=WARN
Once found, change them to the following lines and restart Splunk:
category.DeploymentServer=DEBUG
category.DeploymentClient=DEBUG
After restarting Splunk, you will see the complete conversation in
$SPLUNK_HOME/var/log/splunk/splunkd.log. Be sure to change the setting back once you no
longer need the verbose logging!
Using LDAP for authentication
By default, Splunk authenticates using its own authentication system, which simply
stores users and roles in flat files. The other two options available are LDAP and
scripted authentication.
To enable LDAP authentication, perform the following steps:
1. Navigate to Manager | Access controls | Authentication method.
2. Check the LDAP checkbox.
3. Click on Configure Splunk to use LDAP and map groups.
4. Click on New.
You will then need the appropriate values to set up access to your LDAP server.
Every organization sets up LDAP slightly differently, so I have never managed to
configure this properly the first time. Your best bet is to copy the values from another
application already configured in your organization.
Once LDAP is configured properly, you can map Splunk roles to LDAP groups
through the admin interface. Whether to use an existing group or create
Splunk-specific groups is of course up to your organization, but most companies I
have worked with opted to create a specific group for each Splunk role. The
common groups are often along the lines of: splunkuser, splunkpoweruser,
splunksecurity, and splunkadmin. Rights are additive, so a user can be a
member of as many groups as is appropriate.
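As an added example (not from the original text): the form these settings take in Splunk's authentication.conf, using LDAP over TLS and the group-per-role mapping described above. The strategy name corp_ldap, the host name, the DNs and the bind account are constructed placeholders, the attribute values assume an OpenLDAP-style schema, and security is a hypothetical custom role that would have to be defined separately.

```ini
# Added example. Host, DNs, strategy name and bind account are constructed
# placeholders; copy the real values from an application already using your LDAP.
[authentication]
authType = LDAP
authSettings = corp_ldap

[corp_ldap]
host = ldap.example.com
# LDAPS. With SSLEnabled = 0 (typically port 389) the bind password and every
# user's password cross the network in clear text.
port = 636
SSLEnabled = 1
# Read-only service account used to search the directory.
bindDN = cn=splunk-bind,ou=Service Accounts,dc=example,dc=com
bindDNpassword = <set-at-deploy-time>
# Where user entries live and which attributes hold login name and display name.
userBaseDN = ou=People,dc=example,dc=com
userNameAttribute = uid
realNameAttribute = cn
# Where group entries live and how membership is recorded.
groupBaseDN = ou=Groups,dc=example,dc=com
groupNameAttribute = cn
groupMemberAttribute = member
# User attribute that the group's member values refer to (assumption: full DN).
groupMappingAttribute = dn

# Splunk role = LDAP group(s). Several groups for one role are separated by
# semicolons. A user in more than one group receives every mapped role.
[roleMap_corp_ldap]
user = splunkuser
power = splunkpoweruser
admin = splunkadmin
# "security" is a hypothetical custom role, not one of the built-in roles.
security = splunksecurity
```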
 