Security

What capabilities are required to add a Data Input for Remote event log collections?

gildanieli
New Member

I want to grant a role the ability to create a new Event Log Collection data input. What capabilities can I grant to the role, to accomplish this, and do I need to make any other changes to the role i.e. edit one of the config files?

Running on Windows, version 5.0.1.

Tags (1)
0 Karma

amiracle
Splunk Employee
Splunk Employee

I was able to grant the access to the user by giving access to the role "splunk-system-role." The capabilities it has listed are:
accelerate_datamodel
accelerate_search
admin_all_objects
change_authentication
change_own_password
edit_deployment_client
edit_deployment_server
edit_dist_peer
edit_forwarders
edit_httpauths
edit_input_defaults
edit_monitor
edit_roles
edit_scripted
edit_search_server
edit_server
edit_splunktcp
edit_splunktcp_ssl
edit_tcp
edit_udp
edit_user
edit_view_html
edit_web_settings
embed_report
get_diag
get_metadata
get_typeahead
indexes_edit
input_file
license_edit
license_tab
list_deployment_client
list_deployment_server
list_forwarders
list_httpauths
list_inputs
output_file
request_remote_tok
rest_apps_management
rest_apps_view
rest_properties_get
rest_properties_set
restart_splunkd
rtsearch
run_debug_commands
schedule_rtsearch
schedule_search
search

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...