Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Modify event types via API (curl)

nocostk
Communicator
โ€Ž05-22-2012 11:56 AM

I'm trying to script something out to create an event type and then set the permissions on it. I've got the creation down just fine:

curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes -d name=SA-1234 -d search='"host=web01*"' -d tags=alert-shop

However, I'm unable to set the permissions using the above URI. Scouring through the documentation it seems I need to slap the acl of the object via:

curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes/SA-1234/acl -d perms.read=* -d perms.write=admin,power -d sharing=app"

However, the API returns the following :

<msg type="ERROR">In handler &apos;eventtypes&apos;: Argument &quot;perms.read&quot; is not supported by this handler.</msg>

If I remove perms.read it will just complain about another (e.g. sharing=app). How do I properly set the permissions via the API in Splunk 4.3.2?

Tags (2)
Reply

nocostk
Communicator
โ€Ž05-22-2012 12:11 PM

Never mind... I'm a moron.

You do slap the /acl handler. I had a problem with one of my variable.

Reply