Hi All,
We are using splunk and we need to extract application data into a Datawaehouse to report alongside other dimentions from different sources.
So we installed splunkmse as a virtual machine. Now when I use the admin user to create a table in mysql all is good and I am able to extract data, but unfortunately when I try the same with my own user, I am not able to 1) get all the saved searches. 2) The ones that get created do not show data.
Could anyone advise what I could be doing wrong, unortunately I cant have access to the admin user.
Any help is much appreciated.
Thanks, Divam
I believe you will need DBA privileges to the mysql instance on SplunkMSE. If I recall, it modifies entries in the _schema database when it builds tables for the saved searches.
Have the admin ssh into SplunkMSE and run the following commands in mysql>:
CREATE USER 'divam'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'divam'@'localhost' WITH GRANT OPTION;
That should give you all the necessary privileges without requiring admin access to the SplunkMSE virtual appliance. Determining what privileges/rights you will need without DBA access could be a significant undertaking.