How to restrict your users to one app
One of the major use cases for creating apps is to keep different users within your organization from accessing certain types of data. For example, your Ops team may only be authorized to see syslog data, while your Application Development team may only see Log4J and Apache data. How can you keep this all separate, but still only run one Splunk instance? This is where apps come in. You can create one app for your Ops team and one app for your Application Development team, each app showcasing the different types of data each team needs access to.
Instructions on how to set up different apps in Splunk and restrict your users and roles to only the data they should see can be found in Setting access to manager consoles and apps in the Securing Splunk manual.
Setup screen example with user credentials
Scripted inputs overview
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18