Security

What capabilities are required to add a Data Input for Remote event log collections?

gildanieli
New Member

I want to grant a role the ability to create a new Event Log Collection data input. What capabilities can I grant to the role, to accomplish this, and do I need to make any other changes to the role i.e. edit one of the config files?

Running on Windows, version 5.0.1.

Tags (1)
0 Karma

amiracle
Splunk Employee
Splunk Employee

I was able to grant the access to the user by giving access to the role "splunk-system-role." The capabilities it has listed are:
accelerate_datamodel
accelerate_search
admin_all_objects
change_authentication
change_own_password
edit_deployment_client
edit_deployment_server
edit_dist_peer
edit_forwarders
edit_httpauths
edit_input_defaults
edit_monitor
edit_roles
edit_scripted
edit_search_server
edit_server
edit_splunktcp
edit_splunktcp_ssl
edit_tcp
edit_udp
edit_user
edit_view_html
edit_web_settings
embed_report
get_diag
get_metadata
get_typeahead
indexes_edit
input_file
license_edit
license_tab
list_deployment_client
list_deployment_server
list_forwarders
list_httpauths
list_inputs
output_file
request_remote_tok
rest_apps_management
rest_apps_view
rest_properties_get
rest_properties_set
restart_splunkd
rtsearch
run_debug_commands
schedule_rtsearch
schedule_search
search

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...