Splunk Search

What are the minimum set of capabilities to log in to Splunk and search an index?

the_wolverine
Champion

I want to create a standalone user role to access a single index for search only. I do not want to inherit any existing role.

What are the minimum capabilities required to do this?

1 Solution

the_wolverine
Champion

It looks like these are the minimum capabilities.

get_metadata = enabled
rest_properties_get = enabled
search = enabled

View solution in original post

the_wolverine
Champion

It looks like these are the minimum capabilities.

get_metadata = enabled
rest_properties_get = enabled
search = enabled

w531t4
Path Finder

is this for web only, or api only?

0 Karma

the_wolverine
Champion

This is web and api. There is currently no distinction between the two.

0 Karma

acharlieh
Influencer

It's been a while since I've looked into things... but are you asking for members of this role to execute searches via the Splunk Web or the API only ?

0 Karma
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...