Archive

Permission to run custom command

Path Finder

Hi. This pertains to Splunk 4.2.

We have some custom commands set up. We also have external scripts that we want to run against Splunk (ie, search via the command-line) that ultimately end with a custom command call.

As you might imagine, we're a bit stuck since only an Admin has rights to run a custom command, and yet you don't want to go storing the password of a privileged user in a text file/script!

Is there any way to enable a non-Admin to execute a Custom Command so that we can do all of this with a non-privileged user? I found nothing in the UI that would allow it, and so far, the only references I have seen indicate only Admins can run these.

Thanks.

0 Karma

Motivator

You might need to configure your script as script input.
More information:
http://docs.splunk.com/Documentation/Splunk/latest/Developer/ScriptedInputsIntro

Cheers,
Lp

0 Karma

Splunk Employee
Splunk Employee

Remarks Some search commands are not in the list in the manager, and inherit from the default settings.

Here is the method to change commands permissions in the configuration file :

edit the permission file $SPLUNK_HOME/etc/apps/search/metadata/local.meta
and add the lines.

[commands/FUNCTION_NAME]
access = read : [ admin ], write : [ admin ]

Then restart to apply.
As a consequence, the function will fail silently for the user that doesn't has the admin role.

Motivator

If you have access to Splunk as admin you can modify the permission of the search command:
Manager » Advanced search » Search commands

I hope it helps.
cheers

0 Karma

Path Finder

My case is for Custom Commands, which is sort of the opposite of Scripted Inputs. 🙂 These are the Python or Perl scripts that live in "searchscripts" that you can run in the Splunk GUI...

Example:
index=blah fields=xyz | stats yadda | script python myscript

0 Karma