Every index explicitly granted to a role

Self explanatory, maps roles to indexes. Useful if you have a lot of indexes!

| rest /servicesNS/-/-/authorization/roles count=0 splunk_server=local
 | fields title,srchIndexesAllowed
 | rename srchIndexesAllowed as index title as role
 | mvexpand index
 | where NOT match(index,".*\*.*")

I found this at: https://gist.github.com/acharlieh/3254a7ab13297c760376
Credit goes to acharlieh!

Share This:

Comments

Leave A Comment?