Security

Possible bug with changing permission on source based field extraction

knielsen
Contributor

Hello,

I just ran into the issue that I couldn't change the permission of a source based field extraction via GUI on 7.3.1.

This only happens for source based field extrations, sourcetype ones are not affected.

Clicking on the "Permissions" Link in Sharing results in an error like this:

Splunk could not retrieve permissions for resource data/props/extractions [HTTP 404] https://127.0.0.1:8089/servicesNS/kainiels/search/data/props/extractions/source%253A%253A%252Fvar%25...; [{'type': 'ERROR', 'text': 'Could not find object id=source%3A%3A/var/log/bar : EXTRACT-foo', 'code': None}]

Can someone confirm that issue, or is our installation maybe broken somehow? I didn't see this mentioned in the release notes of later versions...

Labels (1)

darius_diederic
Engager

I received word from developers this bug will be fixed on version 7.2.11, 7.3.6 and 8.0.4 with a release date of 05/12/2020.

dbot2001
Path Finder

Is there a workaround for this?

Tags (1)
0 Karma

kaurinko
Communicator

I can confirm, that this only happens for source based field extractions. Ones with sourcetype-based searches are not affected.

0 Karma

kaurinko
Communicator

I have the same problem with 8.0.1. Would be interested to know if there is a solution.

darius_diederic
Engager

I have the same problem with version 7.2.9.1. It appears to me that this error occurs for any field extraction that contains a forward slash /. Did happen to get any confirmation this is a bug?

Get Updates on the Splunk Community!

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW!Every day the list of sources Admins are responsible for gets bigger and bigger, often making the ...

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

REGISTER NOW!Join us for a Tech Talk around our latest release of Splunk Enterprise Security 7.2! We’ll walk ...

Introduction to Splunk AI

WATCH NOWHow are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. ...