Solved: Search Command "file"

jcisha · ‎01-15-2013

URL : http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/SearchCheatsheet

URL in the

Display events from the file "messages.1" as if the events were indexed in Splunk.
"| File / var/log/messages.1"

Were tested with the contents of the manual
However, it does not work properly.

Search Command "file" Command does not use you asking?

Suda · ‎01-15-2013

Hello,

You may need to add the "use_file_operator" capability into your role in order to use the "file" search command.

If my role doesn't have this capability, Splunk reports the error message; "You have insufficient privileges to perform this operation."
And the default admin role doesn't have it. So, you need to add it.

Thanks.

View solution in original post

Suda · ‎01-15-2013

Hello,

You may need to add the "use_file_operator" capability into your role in order to use the "file" search command.

If my role doesn't have this capability, Splunk reports the error message; "You have insufficient privileges to perform this operation."
And the default admin role doesn't have it. So, you need to add it.

Thanks.

jcisha · ‎01-16-2013

Thank you.
Did not set the roles(use_file_operator).

Search Command "file"

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation