Chapter 4: Splunk Administration—Security
In the previous chapter, we discussed storage, the continuously flowing Splunk data pipeline, index types (event and metric), roles, and alerts. We also touched on the concept of Logs2Metrics.
In this chapter, we review how Splunk security works and then point out the security enhancements in Splunk version 8.0, such as granular access and within-index control concepts, and the latest interface for Roles management. We will also touch briefly on authentication and Authentication Tokens (REST API and CLI with SAML).
This chapter will be broken down into the following sections:
- Security and security enhancements
- Granular access controls
- Role management