Confidentiality and security

Splunk uses a typical role-based security model to provide flexible and effective ways to protect all the data indexed by Splunk, by controlling the searches and results in the presentation layer.

More creative methods of implementing access control can also be employed, such as:

  • Installing and configuring more than one instance of Splunk, where each is configured for only the data intended for an appropriate audience
  • Separating indexes by Splunk role (privileged and public roles as a simple example)
  • The use of Splunk apps such as configuring each app appropriately for a specific use, objective, or perhaps for a Splunk security role

More advanced methods of implementing access control are field encryptions, searching exclusion, ...

Get Mastering Splunk now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.