I am having issues with dbx queries
I created a dashboard with dbx queries, I can run the queries, dashboard displays fine for me and other admins but standard users (non admins) get "unknown search command 'dbxquery'".
I am domain admin.
I am an admin on splunk
The users having the issue
I was looking at the article that would kind of explain why it works for me (being local admin on the splunk server)
Before using DB Connect, the logged-in user must have the ability to write to the $SPLUNK_HOME/var directory (%SPLUNK_HOME%\var on Windows hosts) and to $SPLUNK_HOME/etc/apps/splunk_app_db_connect ($SPLUNK_HOME/etc/apps/splunk_app_db_connect on Windows hosts) and its sub-directories
Am i reading this right? i have to grant read access on the splunk server directly if the dashboard user doesn't have permission to these folders? Surely i have that wrong? It can't be the case?
the users needs to have access to the custom commands "dbxquery"
settings > advanced search > search commands
you have to tweak the permissions on the command. By default, only users with the role "admin & db_connect_*" have access to the command.
Either you expand the right, or you add the user that needs to do dbxquery the role "db_connect_user"