Knowledge Management
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Allowing a role to write to a non-standard summary index

willthames2
Path Finder
‎06-27-2012 06:56 PM

I have created a new summary index (let's call it summary_example) so that we can use it in an app as a destination for summary indexing.

I have given the appropriate role read access to the index, but it doesn't show up in the dropdown when enabling summary indexing for a saved search. If I do it using an admin user, it does show up.

This suggests that there is either a permission I can grant to allow write access to the summary index by the role, or a capability that the role should have to allow it to write to all summary indexes (I'd prefer the former for obvious reasons)

Reply

yannK
Splunk Employee
Splunk Employee
‎03-12-2013 02:40 PM

The new index has to be visible to the new role :

in the manager > access control > role

  • verify that the index is in the list of the "searchable indexes" (not necessarily in the "indexes searches by default" list)
  • that the role inherit from power or has the capability "schedule_search"
    • that our new index do not has CAPS or exotic characters in the name.

Other remark, if you have a distributed search and the summary index defined on the indexers (but not on the search-head), please define it also in the search-head to have it accessible in the lists (and setup your search-head to forward the events to the indexers is you want to store the results on the indexers)

0 Karma
Reply

spock_yh
Path Finder
‎08-01-2012 05:01 AM

Did you manage to find a solution to this issue? I've just encountered it as well

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top