We are planning to give access to a few users to check the license usage and run the search below to find the server that is forwarding a large size of files.
index=_internal source=*license_usage.log type=Usage
| stats sum(b) as bytes by h
| eval MB = round(bytes/1024/1024,1)
| fields h MB
| rename h as host
And we are planning to create a new role for this operation and assigning it to specific users. Can someone suggest what all are capabilities needs to be assigned to that role to get this access? Thanks!