Why am I getting the error "You do not have the ca...

jclark4 · ‎03-18-2016

This is a new install. I am trying to add new data and getting an error message:

"You do not have the capability to add data. Please contact your administrator"

This was installed from my Unix team, under the root user. I am assigned another account with full rights on the server.

Is there something that I am missing to be able to get this to work?

Thank you

jgedeon120 · ‎06-23-2016

I was having this same issue. My issue was resolved by having an index that was not disabled on the host since it was an intermediate forwarder.

muebel · ‎03-18-2016

Hi jclark4, you'll need to make sure that you have administrative capabilities in the context of the Splunk instance you are trying to modify. Check out the admin manual for more info on this. Essentially, you'll want to make sure that your Splunk account is in the admin role. http://docs.splunk.com/Documentation/Splunk/6.0.2/Admin/Aboutusersandroles

Otherwise, you can directly edit the filesystem, modifying inputs.conf as desired to setup file monitor, scripted inputs or whatever config you want to get the data in.

Please let me know if this helps!

jclark4 · ‎03-18-2016

My account is in the admin role, but i still get that message

nromito_splunk · ‎03-18-2016

Run splunk btool authorize list to check that the role you have still has the capabilities associated with adding data (edit_input_defaults, edit_monitor, indexes_edit, list_inputs, etc) Perhaps someone messed around with the capabilities given to default roles.

jclark4 · ‎03-22-2016

I've verified this, it looks correct:

edit_input_defaults = enabled
edit_monitor = enabled
indexes_edit = enabled
list_inputs = enabled

Why am I getting the error "You do not have the capability to add data. Please contact your administrator" when I try to add data?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!