I have a problem with a user.
I've just created a new user and it seems ok when I use it with Splunk.
However, I have no authorization when I try to use it with REST.
Is there a particular parameter to use the REST API with a certain user?
Thanks in advance
Yes, you'll need to add certain capabilities to that user or that users's role(s).
This can be done by going to Settings > Access Controls > Roles - then choosing a role and scrolling to about halfway down the page. Then chose which capabilities are enabled for that particular role.
The relevant conf is authorize.conf:
[capability::rest_apps_view] * Required to list various properties in the python remote apps handler. * See restmap.conf for more info [capability::rest_properties_get] * Required to get information from the services/properties endpoint. [capability::rest_properties_set] * Required to edit the services/properties endpoint.
Note that you may need to also look at
restmap.conf depending on what you're trying to do. However, most likely, you just need to add the capabilities defined above.
Thanks for your answer.
But, I have already theses capabalities for my role.
That's why I don't understand why I cannot do a curl request...
It is possible to request on the api with the Admin user...
Another idea ? 🙂
when i search index=_internal
It seems that I have no ldap authorization...
But it is not an ldap user...
And I have an another user with the same configuration and it works with api rest.