All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are the minimum Splunk capabilities required to use the Splunk TA-SyncKVStore app?

woodcock
Esteemed Legend
‎06-18-2019 09:07 AM

I checked the listing on Splunkbase and the documentation does not include this information:
https://splunkbase.splunk.com/app/3519/

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-18-2019 09:28 AM

My client was interested in trying to create a special minimal-capability, least-privileged user to run the sync.
I am used to seeing a "documentation" page on Splunkbase with the README text in it but this app doesn't have that.
What it does have, is a more recent version of the app, the source code, notes, and update history on GitHub here:
https://github.com/georgestarcher/TA-SyncKVStore

To work, the user must be able to hit the REST API endpoints used (these are capabilities) and have read permission to the source collection and write permission to the destination collection (if that is your destination type). The latter are KO meta settings unrelated to roles. So:
The user MUST have this capability to read the KV store: rest_properties_get.
Depending on what you are doing with it, you might also need this capability: rest_properties_set.
There is another REST-related capability that you should not need, but I will list it for completeness: rest_apps_view.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎06-18-2019 09:28 AM

My client was interested in trying to create a special minimal-capability, least-privileged user to run the sync.
I am used to seeing a "documentation" page on Splunkbase with the README text in it but this app doesn't have that.
What it does have, is a more recent version of the app, the source code, notes, and update history on GitHub here:
https://github.com/georgestarcher/TA-SyncKVStore

To work, the user must be able to hit the REST API endpoints used (these are capabilities) and have read permission to the source collection and write permission to the destination collection (if that is your destination type). The latter are KO meta settings unrelated to roles. So:
The user MUST have this capability to read the KV store: rest_properties_get.
Depending on what you are doing with it, you might also need this capability: rest_properties_set.
There is another REST-related capability that you should not need, but I will list it for completeness: rest_apps_view.

0 Karma
Reply
Solved! Jump to solution

starcher
Influencer
‎06-18-2019 09:22 AM

It is in the readme in the app when you download it. or see it in the git repo.
https://github.com/georgestarcher/TA-SyncKVStore/blob/master/README.md

Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...