Getting Data In
Highlighted

Minimal capabilities required for adding events via Splunk REST API

Path Finder

Hi,

I'm trying to add events into an existing index, via the REST API (specifically, using javascript-sdk).

Everything works fine when using a powerful user/role.

Now, I'm trying to limit the capabilities of that user, but cannot find any relevant capability for adding data into index, via the REST API.

What are the "least privileges" in this case?

Tags (3)
0 Karma
Highlighted

Re: Minimal capabilities required for adding events via Splunk REST API

Champion

You'll need "edit_tcp" to be able create events via the "/services/receivers/simple" API.

View solution in original post

Highlighted

Re: Minimal capabilities required for adding events via Splunk REST API

Path Finder

It's working, thank you!
BTW, "edit_tcp" is not so indicative description... 😕

0 Karma
Highlighted

Re: Minimal capabilities required for adding events via Splunk REST API

Champion

Yeah, no doubt! I only found out what the necessary permission was after spending way to much on it.

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.