Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are the minimum set of capabilities to log in to Splunk and search an index?

the_wolverine
Champion
‎05-04-2016 08:01 AM

I want to create a standalone user role to access a single index for search only. I do not want to inherit any existing role.

What are the minimum capabilities required to do this?

Reply
1 Solution
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-04-2016 08:28 AM

It looks like these are the minimum capabilities. 

get_metadata = enabled
rest_properties_get = enabled
search = enabled

View solution in original post

Reply
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-04-2016 08:28 AM

It looks like these are the minimum capabilities. 

get_metadata = enabled
rest_properties_get = enabled
search = enabled
Reply
Solved! Jump to solution

w531t4
Path Finder
‎10-24-2017 07:38 PM

is this for web only, or api only?

0 Karma
Reply
Solved! Jump to solution

the_wolverine
Champion
‎02-02-2018 08:56 PM

This is web and api. There is currently no distinction between the two.

0 Karma
Reply
Solved! Jump to solution

acharlieh
Influencer
‎05-04-2016 08:06 AM

It's been a while since I've looked into things... but are you asking for members of this role to execute searches via the Splunk Web or the API only ?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top