Multi-Tenancy With Splunk
If you are a service provider, it is not necessary to set up a dedicated Splunk server for every customer. Splunk fully supports multi-tenancy and uberAgent does, too. This article describes how to configure it.
Concepts
Splunk stores data in indexes. Regarding multi-tenancy, the important thing is that you can set permissions per index.
Setting up a multi-tenant Splunk & uberAgent installation is simple. We are going to follow the concept outlined in the Splunk blog.
Implementation
Actually, all you have to do is described very well in the Splunk blog article mentioned earlier. Here is a summary:
- Create a unique index per customer. Please note that all uberAgent indexes should start with a common prefix (e.g.
uberagent
) so that they can be searched with a single wildcard statement (e.g.uberagent*
). Valid names would beuberagent-customer1
anduberagent-customer2
. - To set up custom index names follow the instructions in this article.
- Configure users according to the Splunk blogs article.
Result
If you have configured this, you have a setup where Splunk administrators can search everything while individual customer admins can only search their own data.