Project

General

Profile

Feature #2074

Add ability to define an index to output the results to (and constrain searches to)

Added by Luke Murphey over 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
Start date:
09/18/2017
Due date:
% Done:

100%


Description

I have a possibly unique situation in that my “customers” are given different indexes because like 2 year olds in a sandbox, they don’t play well together. So, for instance anything they contribute to Splunk, goes into their own indexes and instead of searching the main indexes for shared platforms e.g. Firewalls that data is parsed out to summary indexes that only contain traffic with a src or dest of their subnet.

I would like to offer the network toolkit to the various departments but would need to limit their access to only their interactions with it. What would be ideal is having everything a user from deptA does when interacting with the toolkit got to index_deptA. I can see a couple of ways to do this: replicate the app with different names, default index, permissions. Or use forms on the various user apps which limit the searches to their subnets.

Associated revisions

Revision 202 (diff)
Added by lukemurphey about 7 years ago

Adding index option for outputting search command data to an index

Reference #2074

Revision 203 (diff)
Added by lukemurphey about 7 years ago

Making it possible to declare which index to search and store the data in

Reference #2074

History

#1 Updated by Luke Murphey about 7 years ago

To do this I need to:

Command Command Updated View Updated
nslookup Yes Yes
speedtest Yes Yes
whois Yes Yes
traceroute Yes Yes
ping Yes Yes

#2 Updated by Luke Murphey about 7 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF