Configuring Atlas
After installation, Atlas will need to be configured for standard use. The following instructions outline applying an Atlas License Key, Assigning Users, Atlas Roles, Atlas Settings, and creating Atlas Targets.
License Configuration
Read and Write permissions to Atlas.conf file is required for editing the license key. This is given to the Splunk Admin role by default. Users without this permission will not be able to see the Edit License button.
- On the Splunk Search Head or Search Head Cluster where the Atlas Platform software was installed, navigate to Atlas by searching for Atlas from the Splunk apps bar or the App Navigation menu.
-
Select Settings on the side navigation.
-
Select the License Configuration option from the Settings navigation bar.
-
Click the Manage License button at the top right of the page.
-
Paste the Atlas License Key provided to you into the text box on the screen and click the Save button.
-
If adding a new license key you will be asked to read and accept the license agreement.
-
The License Management dashboard will update to display information about the license that was applied. License type, expiration date, and number of open user assignments it is a user based license. It will also display the current Atlas Role of the user.
If you receive errors on saving your license, reach out to Atlas Support for assistance or submit a case in the Atlas Customer Support Portal.
For Atlas Enterprise, all Splunk users are assigned to Atlas by default and no further action is required.
If there are ever more Splunk accounts assigned to Atlas than the license supports, then the entire Atlas Platform (except configuration pages) will be off limits to all accounts, regardless if they are assigned to the platform or not.
User Configuration
Atlas provides role-based access for users, enabling you to control which capabilities are available to each user. User configuration differs slightly between Enterprise and Seat-based licensing.
Splunk Admin permissions are required to configure users and assign Atlas roles.
Configuring Users
-
Select the Settings button on the navigation side bar.
-
Click on the User Configuration tab to view all Splunk users.
-
For each user, you can assign one of the following Atlas roles from the dropdown menu:
- Atlas Admin: Full access to all Atlas features, including configuration settings. Splunk Admins can only be assigned Atlas Admin.
- Atlas Creator: Access to create and modify content but limited configuration abilities
- Atlas Viewer: Read-only access to Atlas dashboards and reports
- Basic Viewer: Does not have access to Atlas features, does not require a seat
-
After assigning the appropriate roles to users, select Save Changes to apply your configuration.
Enterprise Licensing
For Enterprise licensed installations:
- There is no limit to the number of users who can access Atlas
- You only need to assign the appropriate Atlas role to each user
Seat-based Licensing
For Seat-based licensed installations:
- Only users explicitly assigned an Atlas role will have access to the platform
- The system displays how many seats are utilized in the License Allocation area at the top of the page
- If you attempt to assign more users than your license permits, the system will prevent saving
Managing Inactive Users
Users who no longer require Atlas access or who have inactive Splunk accounts should have their Atlas role removed to free up license seats. Inactive or invalid Splunk accounts appear with an "[Invalid User]" tag to help you identify accounts that should be removed.
Atlas Targets Configuration
Atlas Targets are an innovative way to empower Admins to utilize Atlas to change separate Splunk Environments. A 'Target' is another Splunk environment that is not on the local host's Search Head or Indexer Cluster. By setting up an Atlas Target, Splunk Admins, or other power users on Splunk, can utilize a Service Account to communicate with Splunk environments that the user is not immediately on. This is useful for Dedicated Search Head deployments, and Federated Search Heads connected to Splunk Cloud.
To fully leverage this capability, please review listed requirements, supported features, and follow the deployment guides for implementation.
Capability Requirements to Use Atlas Targets
To leverage Atlas Targets, users configuring and utilizing the system need to have the 'list_storage_passwords capability' Splunk capability. This capability enables users to use saved and encrypted password used by the configured Service Accounts used by Atlas Targets. This is powerful capability enabling users to read any plain text secret in the Splunk ecosystem, such as user passwords. Its for this reason that utilizing Atlas Targets is recommended for Splunk Admins, who already have this capability, only. Atlas documentation reflects this recommendation.
What Features Leverage Atlas Targets?
When utilizing Atlas in a Dedicated Deployment or as a Federated Search Head with Splunk Cloud, Atlas Targets enable the modification of Splunk searches remotely, empowering Admins to quickly manage their systems using Atlas's tooling.
How to Configure Atlas Targets
- Service Account Username: Account name for an admin-level service account on the target Splunk server. This account will be leveraged to perform tasks with the Atlas Product. All tasks are logged in the Atlas Audit log.
- Service Account Password: Account password for an admin-level service account on the target Splunk server. The password will be saved using Splunk's Secret Manager.
- Management URI: Management URI of the identified Splunk Target. The URI should include the server name (found on the About page on Splunk servers), and the management port number (default 8089).
- Web URL: URL of the identified Splunk Target. The URL will be used for navigating users to the correct Splunk Web UI when performing Atlas actions.
Atlas Element Configuration
Atlas 4.0 introduces a consolidated configuration interface that brings all element settings into a single tab within the Settings page. This streamlined approach makes it easier for Atlas Administrators to validate, configure, and manage all Atlas Elements from one central location. Users will be directed here if an Element is not appropriately configured.
Environment Validation
The Environment Validation section performs automated checks to ensure your Splunk environment is properly configured to support Atlas. These checks include:
- Indexes Defined: Validates that all required metric indexes are properly defined in your environment
- KV Store Validation: Confirms that Splunk's built-in KV Store is reachable and functioning correctly
A green ball indicator shows successful validation, while a red ball identifies issues that require attention.
Index Configuration
Atlas uses metric indexes to store various types of operational data. The Index Configuration section allows you to assign appropriate metric indexes used in Atlas elements and features:
- License Usage: Stores license utilization metrics for reporting and analysis in a metric index
- Data Utilization: Tracks dataset usage patterns and search frequency in a metric index
- Monitor: Stores event metrics for configured data watches in a metric index
- Atlas Audit: Maintains audit information for user actions within Atlas
For each option, you need to:
- Select the appropriate index from the dropdown menu
- Ensure the correct permissions are configured for accessing these indexes
- Check the Status column to verify successful configuration
Red ball indicators highlight configurations that need attention, while green balls show properly configured elements.
Element-Specific Settings
Data Utilization Settings
Data Utilization tracks how datasets in your Splunk environment are being used across searches and dashboards.
- Backfill Indexes: Allows you to retroactively collect historical data about search patterns before Data Utilization was installed
- Click the Backfill Data button to open the backfill configuration modal
- Select the time range for historical data collection
- Review the estimated processing time before starting the backfill operation
Forwarder Awareness Settings
Forwarder Awareness provides monitoring and management of your Splunk forwarder infrastructure.
- Default Forwarder Groups: Automatically creates standard forwarder groups based on common criteria
- Operating Systems: Creates groups for Windows and Linux forwarders
- Forwarder Types: Creates groups for Heavy and Universal Forwarders
- Missing Forwarders: Creates a group to track forwarders that have gone offline
Search Library Settings
Search Library provides a repository of optimized searches for your Splunk environment.
- Pending Searches: Controls whether user-created searches require admin approval
- Toggle Use Pending Searches to enable/disable the approval workflow
- When enabled, an admin must approve searches before they appear in the library
PCA (Performance & Capacity Analytics) Settings
Performance & Capacity Analytics provides insights into your Splunk infrastructure health and resource utilization.
- Server Roles Configuration: A table showing all Splunk servers in your environment where you can:
- View the server hostname and IP address
- Assign appropriate server roles for each host
- Edit role assignments using the pencil icon in the Actions column
Common Remediation Steps
When encountering configuration issues (indicated by red ball indicators), common remediation steps include:
- Setting up the required metric indexes in the Index Configuration section
- Ensuring appropriate permissions to access the _internal and _audit indexes
- Granting the current user read permissions to configured metric indexes
- Configuring appropriate REST API access for cross-server communication
Always review the specific remediation instructions provided in the red boxes for targeted guidance.