I was using IFX and regex to extarct fields from my log but I keep getting this error in the Splunkd Log
03-13-2013 05:45:49.662 -0700 WARN AdminManager - Handler 'props-extract' has not performed any capability checks for this operation(requestedAction=edit, customAction="acl", item="iis-xpox : REPORT-iismpos"). This may be a bug.
03-13-2013 05:11:42.920 -0700 WARN AdminManager - Handler 'props-extract' has not performed any capability checks for this operation(requestedAction=list, customAction="acl", item="mpos-devicelog : EXTRACT-xpox-devicelog")
This error pops up everytime I try to change the permissions on the extraction.
This was placed in
EXTRACT-category-message = [^\]\n]*\]\s+(?P<category>\[([^ ]+|\w+\s+\w+|\w+\s+\w+\s+\w+\s+\w+|)\])\s+(?P<message>.+)
Any help appreciated
Make sure that
$APP_HOME/metadata has two files: default.meta and local.meta.
$APP_HOME is whatever app you were in at the time the error occurred. You should also check those files for anything relating to "iis-xpox" or "xpox-devicelog" to make sure you have permissions to those files. Also, might be a bug (what version Splunk do you have?)