Can't add data to Splunk Cloud via REST API (requi...

czervos · ‎02-04-2019

When I try to add data to the main index via the REST API utilizing the upload.py python script in the splunk-sdk git I get the following error

do not have permission to perform this operation (requires capability: edit_monitor).

even though I am using the API as an administrator (sc_admin) user role.

Following this I inspected the capabilities under sc_admin and sure enough edit_monitor is not a capability that the sc_admin has.

So I said OK let me add the capability. Unfortunately, the capability can not be added to the user role. What am I missing here?

I know a suggested work around is to use the forwarder to upload the data but is this an admission that one can not add data to the index via the REST api?

The exact same python script works like a charm with the Enterprise Splunk instance.

chrisyounger · ‎02-04-2019

You need to get support to open access to the API

More info here: https://answers.splunk.com/answers/432240/i-am-a-splunk-cloud-customer-i-would-like-access-t.html

czervos · ‎02-04-2019

Chrisyoungerjds, access to the API is open. When I curl to

curl -k -u username:password https://.splunkcloud.com:8089/servicesNS/nobody/search/properties/props/websphere_core

gives a response just fine.

It is when I try to upload a log file via the REST API that I get the error below.

File "/usr/local/lib/python2.7/site-packages/splunklib/binding.py", line 1244, in request
raise HTTPError(response)
splunklib.binding.HTTPError: HTTP 403 Forbidden -- You (user=username) do not have permission to perform this operation (requires capability: edit_monitor).

chrisyounger · ‎02-04-2019

OK - Sorry I am not sure how to get that specific role added.

Can't add data to Splunk Cloud via REST API (requires capability: edit_monitor)

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!