What capabilities are required to add a Data Input...

gildanieli · ‎06-03-2013

I want to grant a role the ability to create a new Event Log Collection data input. What capabilities can I grant to the role, to accomplish this, and do I need to make any other changes to the role i.e. edit one of the config files?

Running on Windows, version 5.0.1.

amiracle · ‎07-14-2014

I was able to grant the access to the user by giving access to the role "splunk-system-role." The capabilities it has listed are:
accelerate_datamodel
accelerate_search
admin_all_objects
change_authentication
change_own_password
edit_deployment_client
edit_deployment_server
edit_dist_peer
edit_forwarders
edit_httpauths
edit_input_defaults
edit_monitor
edit_roles
edit_scripted
edit_search_server
edit_server
edit_splunktcp
edit_splunktcp_ssl
edit_tcp
edit_udp
edit_user
edit_view_html
edit_web_settings
embed_report
get_diag
get_metadata
get_typeahead
indexes_edit
input_file
license_edit
license_tab
list_deployment_client
list_deployment_server
list_forwarders
list_httpauths
list_inputs
output_file
request_remote_tok
rest_apps_management
rest_apps_view
rest_properties_get
rest_properties_set
restart_splunkd
rtsearch
run_debug_commands
schedule_rtsearch
schedule_search
search

What capabilities are required to add a Data Input for Remote event log collections?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform