We are only allowed to use AD accounts when accessing Splunk, but in our PCI DSS environment some users are not allowed to have accounts by policy due to either being contractors or due to age restrictions.
Is it at all possible to have another search head in another domain, but connected to same Splunk instance we already have? This way the search head will be in the domain where our users are etc.
I am just thinking how we can grant access to Splunk if the users cannot have AD accounts in the same domain as Splunk and we cannot use trusts etc.
↧