Getting Data In

Modify event types via API (curl)

Communicator

I'm trying to script something out to create an event type and then set the permissions on it. I've got the creation down just fine:

curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes -d name=SA-1234 -d search='"host=web01*"' -d tags=alert-shop

However, I'm unable to set the permissions using the above URI. Scouring through the documentation it seems I need to slap the acl of the object via:

curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes/SA-1234/acl -d perms.read=* -d perms.write=admin,power -d sharing=app"

However, the API returns the following :

<msg type="ERROR">In handler &apos;eventtypes&apos;: Argument &quot;perms.read&quot; is not supported by this handler.</msg>

If I remove perms.read it will just complain about another (e.g. sharing=app). How do I properly set the permissions via the API in Splunk 4.3.2?

Tags (2)

Communicator

Never mind... I'm a moron.

You do slap the /acl handler. I had a problem with one of my variable.