Splunk® Enterprise

Admin Manual

Download manual as PDF

Download topic as PDF

Customize the CLI login banner

If you provide CLI access to data, you may need to customize your login banner to notify your users of monitoring, their legal obligations, and penalties for misuse. You can also add additional security (in the form of basic authentication) for your CLI logins.

To create a custom login banner and add basic authentication, add the following stanzas to your local server.conf file:

cliLoginBanner = <string>
allowBasicAuth = true|false
basicAuthRealm = <string>
  • For cliLoginBanner = <string>

Create a message that you want your user to see in the Splunk CLI, such as access policy information, before they are prompted for authentication credentials. The default value is no message.

To create a multi-line banner, place the lines in a comma separated list, putting each line in double-quotes. For example:

cliLoginBanner="Line 1","Line 2","Line 3"

To include a double quote within the banner text, use two quotes in a row. For example:

cliLoginBanner="This is a line that ""contains quote characters""!"
  • For allowBasicAuth = true|false:

Set this value to true if you want to require clients to make authenticated requests to the Splunk server using "HTTP Basic" authentication in addition to Splunk's existing (authtoken) authentication. This is useful for allowing programmatic access to REST endpoints and for allowing access to the REST API from a web browser. It is not required for the UI or CLI. The default value is true.

  • For basicAuthRealm = <string>:

If you have enabled allowBasicAuth, use this attribute to add a text string that can be presented in a Web browser when credentials are prompted. You can display a short message that describes the server and/or access policy. The text: "/splunk" displays by default.

Use the CLI to administer a remote Splunk Enterprise instance
Start and stop Splunk Enterprise

This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.6.0, 6.6.1

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters