I was using IFX and regex to extarct fields from my log but I keep getting this error in the Splunkd Log
03-13-2013 05:45:49.662 -0700 WARN AdminManager - Handler 'props-extract' has not performed any capability checks for this operation(requestedAction=edit, customAction="acl", item="iis-xpox : REPORT-iismpos"). This may be a bug.
03-13-2013 05:11:42.920 -0700 WARN AdminManager - Handler 'props-extract' has not performed any capability checks for this operation(requestedAction=list, customAction="acl", item="mpos-devicelog : EXTRACT-xpox-devicelog")
This error pops up everytime I try to change the permissions on the extraction.
This was placed in
EXTRACT-category-message = [^\]\n]*\]\s+(?P<category>\[([^ ]+|\w+\s+\w+|\w+\s+\w+\s+\w+\s+\w+|)\])\s+(?P<message>.+)
Any help appreciated
Here was my workaround for now. I moved these configs out of etc\system\local and created another app. This seems to be working for now.
Make sure that
$APP_HOME/metadata has two files: default.meta and local.meta.
$APP_HOME is whatever app you were in at the time the error occurred. You should also check those files for anything relating to "iis-xpox" or "xpox-devicelog" to make sure you have permissions to those files. Also, might be a bug (what version Splunk do you have?)
Yeah, those are the metadata for the system folder. Don't mess with the default one, but check the local one for your stanzas.
Is there a metedata for etc\system\local? files..
There is a etc\system\metadata in which both files are there ( default & local)
What version of Splunk?