Splunk Search

What are the minimum set of capabilities to log in to Splunk and search an index?

the_wolverine
Champion

I want to create a standalone user role to access a single index for search only. I do not want to inherit any existing role.

What are the minimum capabilities required to do this?

1 Solution

the_wolverine
Champion

It looks like these are the minimum capabilities.

get_metadata = enabled
rest_properties_get = enabled
search = enabled

View solution in original post

the_wolverine
Champion

It looks like these are the minimum capabilities.

get_metadata = enabled
rest_properties_get = enabled
search = enabled

w531t4
Path Finder

is this for web only, or api only?

0 Karma

the_wolverine
Champion

This is web and api. There is currently no distinction between the two.

0 Karma

acharlieh
Influencer

It's been a while since I've looked into things... but are you asking for members of this role to execute searches via the Splunk Web or the API only ?

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...