search filter

search filter


A limited type of search string that is defined for and applied to a given role through Settings > Access controls > Roles or the authorize.conf file, thereby constraining what data users in the role can access by using search.

Search filters are additive. If a user is a member of more than one role with search filters applied, all applicable search filters are joined with a Boolean 'OR'.

For more information

In the Securing Splunk Enterprise:

In the Admin Manual: