Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Cloud- How do I run rest dispatch_rest_to_indexers?

KeithH
Path Finder
‎10-28-2021 02:58 PM

Hi.

I am trying to run this in splunk cloud:

|rest /services/search/jobs|search isRealTimeSearch=1

But getting this:

Restricting results of the "rest" operator to the local instance because you do not have the "dispatch_rest_to_indexers" capability

I have looked at users and roles and that capability is not in the list to choose.  It is in theSplunk Cloud documentation but simply isnt there to select.

Any ideas why?

Thanks, Keith

Labels (1)
Labels
0 Karma
Reply

faRRe
Splunk Employee
Splunk Employee
‎06-01-2023 11:01 AM

You can include in your searches splunk_server=local this will let you retrieve the information from the indexes without the need for the dispatch_rest_to_indexers since this capability is not added to the Cloud users due to security purposes.

0 Karma
Reply

Keith_wgtn
Explorer
‎11-01-2021 02:00 PM

Thanks - I have logged a case with Splunk.

 

0 Karma
Reply

somesoni2
Revered Legend
‎10-28-2021 03:32 PM

Have a look at this: https://community.splunk.com/t5/Monitoring-Splunk/Why-am-I-gettin-the-warning-quot-Restricting-resul...

0 Karma
Reply

KeithH
Path Finder
‎10-28-2021 04:50 PM

Hi Somesoni2 - thanks for the reply.

I had seen the post you referred to and re-read it again but it doesnt helpe becuase:

1) the capability is not in the list to select when editing a role - see screenshot below

2) I cant edit the authorize.conf because I am running Splunk Cloud which means I cant access the folders on the server.

Any other suggestions????

Thanks, Keith

KeithH_0-1635464986846.png

 

0 Karma
Reply

somesoni2
Revered Legend
‎10-28-2021 05:58 PM

I believe its a known bug. I would contact Splunk support to confirm the same. See the bottom thread of this post: https://community.splunk.com/t5/Monitoring-Splunk/Warnings-on-Splunk-TCP-Port-Closures-Splunk-Cloud/...

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...