A technical troubleshooting blog about Oracle with other Databases & Cloud Technologies.

Roles and Licensing in Splunk

2 min read

Roles:

There are basically three different types of Roles in Splunk:

User:
This is the basic role in Splunk which provides access to all shared data sets to be read, viewed and monitored. Here you can create dashboard but cannot publish it for other users.

Power User:
This is an advanced role in Splunk which grants you the access to create dashboards, alerts, reports and publish it for all users. You can create, edit and update any existing shared data set in Splunk.

Admin:
This is the highest role in Splunk. It grants you the access to ingest logs in the indexers, restarts indexers and forwarders on the physical entities. Admins can manage settings, users, and data with full control.

Licensing:

Splunk indexes data from the source and process it to show at search head. Splunk Enterprise licenses specify how much data can you index per calendar day. If you exceed your licensed daily volume on any one calendar day, you get a violation warning.

There are a few types of licenses, such as:

* The Enterprise license enables all Enterprise features, such as authentication and distributed search. As of Splunk Enterprise 6.5.0, new Enterprise licenses are no-enforcement licenses.

* The Free license allows for a limited indexing volume and disables some features, including authentication.

* The Forwarder license allows you to forward data, but not index data, and enables local authentication only.

* The Beta license typically enables Enterprise features, but is restricted to Splunk Beta releases.

* A license for a premium app is used in conjunction with an Enterprise or Cloud license to access the functionality of an app.