Configure Splunk Infrastructure Monitoring Add-on ...

las · ‎10-18-2024

Hi.

We are just starting to use Splunk Infrastructure monitoring, and have added the "Splunk Infrastructure Monitoring Add-on".

We have created the connection to Splunk Observability, without any problems, and admins can run the search command "| sim flow query=..." without any problems.

The problem arises when a normal user is trying the same command, where we get the following error message:
"Error in "sim" command: Splunk Infrastructure Monitoring API Connection not configured."

I have reviewed all permissions I could think of, and except for a couple og view, there is public access. I can't find any new capabilities, that might need to be added.

If anyone can point me in the right direction, it would be greatly appriciated.

Kind regards

dural_yyz · ‎10-18-2024

# simquery command
[commands/simquery]
access = read : [ admin ], write : [ admin ]
export = system

This is the default.meta file shipped with the application. Without additional roles added then it seems to make sense only admins can utilize the command structure as you have indicated. I would first start with adding a role that is escalated from just the user level and verify.

las · ‎12-09-2024

Sorry about the delay.

Unfortunately this does not seem to be the problem I have changed the local.meta to

# simquery command
[commands/simquery]
access = read : [ * ], write : [ admin ]

And restartet - that why it took so long - but I still get the same error

Configure Splunk Infrastructure Monitoring Add-on to give users access to sim command

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...