Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Modify event types via API (curl)

nocostk
Communicator
‎05-22-2012 11:56 AM

I'm trying to script something out to create an event type and then set the permissions on it. I've got the creation down just fine:

curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes -d name=SA-1234 -d search='"host=web01*"' -d tags=alert-shop

However, I'm unable to set the permissions using the above URI. Scouring through the documentation it seems I need to slap the acl of the object via:

curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes/SA-1234/acl -d perms.read=* -d perms.write=admin,power -d sharing=app"

However, the API returns the following :

<msg type="ERROR">In handler &apos;eventtypes&apos;: Argument &quot;perms.read&quot; is not supported by this handler.</msg>

If I remove perms.read it will just complain about another (e.g. sharing=app). How do I properly set the permissions via the API in Splunk 4.3.2?

Tags (2)
Reply

nocostk
Communicator
‎05-22-2012 12:11 PM

Never mind... I'm a moron.

You do slap the /acl handler. I had a problem with one of my variable.

Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...