When I try to add data to the main index via the REST API utilizing the upload.py python script in the splunk-sdk git I get the following error
do not have permission to perform this operation (requires capability: edit_monitor).
even though I am using the API as an administrator (sc_admin) user role.
Following this I inspected the capabilities under sc_admin and sure enough edit_monitor is not a capability that the sc_admin has.
So I said OK let me add the capability. Unfortunately, the capability can not be added to the user role. What am I missing here?
I know a suggested work around is to use the forwarder to upload the data but is this an admission that one can not add data to the index via the REST api?
The exact same python script works like a charm with the Enterprise Splunk instance.
You need to get support to open access to the API
More info here: https://answers.splunk.com/answers/432240/i-am-a-splunk-cloud-customer-i-would-like-access-t.html
Chrisyoungerjds, access to the API is open. When I curl to
curl -k -u username:password https://.splunkcloud.com:8089/servicesNS/nobody/search/properties/props/websphere_core
gives a response just fine.
It is when I try to upload a log file via the REST API that I get the error below.
File "/usr/local/lib/python2.7/site-packages/splunklib/binding.py", line 1244, in request
splunklib.binding.HTTPError: HTTP 403 Forbidden -- You (user=username) do not have permission to perform this operation (requires capability: edit_monitor).
OK - Sorry I am not sure how to get that specific role added.