Security

"You do not have permission to spawn real-time searches"

matthewcanty
Communicator

Where do I find the settings to allow a user to have permission to "spawn" real-time searches?

EDIT:

What settings do I need to change. Can't see any specific "Allow real-time searches"...

1 Solution

yannK
Splunk Employee
Splunk Employee

as an admin in the manager > access control > roles

View solution in original post

yannK
Splunk Employee
Splunk Employee

as an admin in the manager > access control > roles

yannK
Splunk Employee
Splunk Employee

thanks for the last part Drainy.

matthewcanty
Communicator

Ah yes I see it now.

Manager > Access Controls > Roles > role > Capabilities > Select rtsearch

Drainy
Champion

you need them to have the rtsearch capability. Have a read of http://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities

matthewcanty
Communicator

I got that far. What setting do I need to change?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...