Hello Team,
I am trying to create TCP and UDP ports from Splunk cloud REST api's, but i am getting below permission error.
Please suggest me what permissions i need to change.
<msg type="ERROR">You (user=*****) do not have permission to perform this operation (requires capability: edit_tcp).</msg>
How can i give edit_tcp role to my account.
Thanks,
venkata.
Hey @krishnabv
Neither the Splunk cloud IDM or SH allow us to create TCP/UDP inputs on their environment.
You could leverage on premise Heavy forwarder to create those inputs and connect that HF to Splunk cloud by deploying the Splunk cloud UF credentials package app on that machine.
Hope this helps.
Thanks
Hi Danielcj,
I am using below endpoint to create port in Splunk cloud.
https://sap-is-splunk.splunkcloud.com:8089/servicesNS/*****/search/data/inputs/tcp/raw
Thanks,
Venkata.
Hi
you cannot create TCP/UDP inputs on Splunk Cloud. If you need those, you must set up own HF/UF in OnPrem and add those there. Or even better just set up e.g. SC4S or other Syslog server to take care of TCP inputs.
r. Ismo
Hello @krishnabv , which endpoint are you using to create these ports on Splunk Cloud?
It should not be allowed to create TCP/UDP inputs on Splunk Cloud since it only accepts connections from forwarders that have the correct SSL certificates and if you want to send data via TCP/UDP sources you should use a forwarder.