Root Access

Root users have the privileges required to act as systems administrators for the Humio cluster. They can add and remove other users and manage aspects that affect all repositories. By default, root users are also members of all repositories. This default membership is controlled by the ENFORCE_AUDITABLE setting.

Root Access Token

If you have SSH access to the machine running Humio, you can always perform API requests using the special API token for root access, either through 127.0.0.1:8080 or through any other route that delivers HTTP requests to the Humio server. The token is re-created every time the server starts and is placed in the file /data/humio-data/local-admin-token.txt. Anyone able to read this file has root access on the API.

The root token can be used for initial setup and configuration, such as setting up users and repositories. It is also useful for provisioning or daily maintenance scripts and integrations, in particular those that run on the same server and have read access to the token file.

Since the token is re-generated on every server startup, it is not suitable as a long-term API token. For long-term API tokens, add a user with root privileges and use the API token for that user.
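
Because read access to the token file is equivalent to root access on the API, it is worth checking who can read it. The following is an added example, not part of the Humio documentation or tooling: it assumes GNU coreutils stat on Linux, and the function name check_token_file is hypothetical.

```shell
#!/bin/sh
# Added example (not Humio code): audit who can read the root token file.
# Assumes GNU coreutils `stat` (Linux); check_token_file is a hypothetical name.

TOKEN_FILE=${TOKEN_FILE:-/data/humio-data/local-admin-token.txt}

# Return 0 only if $1 is a regular file (not a symlink) whose mode grants
# nothing to group or other. Findings are printed for the operator.
check_token_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink; inspect its target instead"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$f")    # octal mode, e.g. 600 or 644
    owner=$(stat -c '%U' "$f")   # owning user name (UNKNOWN if unmapped)
    case $mode in
        0|*00)
            # Last two octal digits (group, other) are both zero.
            echo "OK: $f mode $mode, owner $owner"
            return 0 ;;
        *)
            echo "FAIL: $f mode $mode lets group/other access the token (owner $owner)"
            return 1 ;;
    esac
}

# Stand-alone use: pass the path to audit as the first argument,
# e.g. sh check-token.sh "$TOKEN_FILE"
if [ "$#" -gt 0 ]; then
    check_token_file "$1"
fi
```

The check covers the classic mode bits only; POSIX ACLs and the permissions of the containing directories need a separate look.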

Creating Root Users

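You can use the root token to create root users. To create a user with root privileges on the server, set BASEURL to the address of the Humio server (for example http://127.0.0.1:8080 when running on the same machine) and EMAIL to the new user's login, then run: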

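# Read the root token; it is re-created on every server start.
TOKEN=$(cat /data/humio-data/local-admin-token.txt)
# Create the user with root privileges. BASEURL and EMAIL must already be set.
curl "$BASEURL/api/v1/users" \
 -X POST \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer $TOKEN" \
 -d "{\"email\": \"$EMAIL\", \"isRoot\": true}"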

When using LDAP, $EMAIL is the username the user must enter to log in, and need not be an actual email address.

Once that user has been added, you can log in as that user and see your own API token, as described in API authentication.