Deploy users and role definitions to multiple Splunk instances

Please note the below is somewhat archaic. These days if you need to coordinate roles across many hosts, you probably would want to be using LDAP (no need for copying files) or search head clustering.

If you have installed Splunk on multiple servers (perhaps for a distributed search setup) and don't want to create your users and define their roles separately on each server, create/define them on one of the instance and then copy the following files from that instance to all the others:

• $SPLUNK_HOME/etc/passwd
• $SPLUNK_HOME/etc/auth/splunk.secret
• $SPLUNK_HOME/etc/system/local/authorize.conf
• $SPLUNK_HOME/etc/system/local/authentication.conf (optional - only if you are using LDAP)

On Splunk 3.4.8 or later, you must synchronize the hashed password in $SPLUNK_HOME/etc/system/local/server.conf. If all servers have the same settings, the file may be simply copied.

If uncertain, reenter the ssl key password in this file in plain text, in the setting keyfilePassword. The default password is the string 'password'.