Splunk Enterprise

Error after MISP feed integration with Splunk Add-ons MISPs.

I've lately installed the MISP add-on app from Splunk to integrate our MISP environment feed into the Splunk app using the URL and the Auth API. That being said, I was able to configure it with the details required in the MISP add-on app. However, after the configuration, I'm getting the following error:

(Restricting results of the "rest" operator to the local instance because you do not have the "dispatch_rest_to_indexers" capability).

Furthermore, looking into the role capabilities under the Splunk UI settings, I don't see the "dispatch_rest_to_indexers" role either.

Could someone please assist?
