Hi. This pertains to Splunk 4.2.
We have some custom commands set up. We also have external scripts that we want to run against Splunk (ie, search via the command-line) that ultimately end with a custom command call.
As you might imagine, we're a bit stuck since only an Admin has rights to run a custom command, and yet you don't want to go storing the password of a privileged user in a text file/script!
Is there any way to enable a non-Admin to execute a Custom Command so that we can do all of this with a non-privileged user? I found nothing in the UI that would allow it, and so far, the only references I have seen indicate only Admins can run these.
Remarks Some search commands are not in the list in the manager, and inherit from the default settings.
Here is the method to change commands permissions in the configuration file :
edit the permission file $SPLUNK_HOME/etc/apps/search/metadata/local.meta
and add the lines.
access = read : [ admin ], write : [ admin ]
Then restart to apply.
As a consequence, the function will fail silently for the user that doesn't has the admin role.
My case is for Custom Commands, which is sort of the opposite of Scripted Inputs. 🙂 These are the Python or Perl scripts that live in "searchscripts" that you can run in the Splunk GUI...
index=blah fields=xyz | stats yadda | script python myscript