Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- role problem
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
role problem
anissabnk
Path Finder
04-29-2024
07:05 AM
Hello,
I'm having problems using roles.
I use this search, which gives me results via the admin role.
[search index="idx_arv_ach_cas_traces" source="*orange_ach_cas_traces_ac_20*" nom_prenom_manager="*" nom_prenom_rdg="*" cuid="*" ttv="*" (LibEDO="*") (LibEDO="*MAROC ANNULATION FIBRE INTERNET" OR LibEDO="*MAROC CTC ET PROSPECT" OR LibEDO="*MAROC CTC HOME" OR LibEDO="*MAROC HORS-PROD" OR LibEDO="*MAROC N1 ACH" OR LibEDO="*MAROC N2 ACH GESTION" OR LibEDO="*MAROC N2 ACH RECLAMATION" OR LibEDO="*MAROC N2 ACH RECOUVREMENT" OR LibEDO="*MAROC RECOUVREMENT SOSH" OR LibEDO="*MAROC GESTION MS") ((lib_origine="Appel Reco" OR "Appel Sortant" OR "BO Récla Recouv" OR "Correspondance Entrante" OR "Correspondance Sortante" OR "Courrier Ent Fidé" OR "Etask")
OR (lib_motif="Contact Flash" OR "Contact non tracé" OR "Traiter une demande en N2" OR "Verbatim urgent")
OR (lib_resultat="Client Pro" OR "Contact Flash" OR "Contact non tracé"))
AND (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01")
| eventstats sum(total) as "Nbre_de_tracages" by lib_origine
| top "Nbre_de_tracages" lib_origine
| sort - "Nbre_de_tracages"
| head 5
| streamstats count as row_number
| search row_number=1
| return lib_origine]
nom_prenom_manager="*" nom_prenom_rdg="*" cuid="*" ttv="*" (LibEDO="*") (LibEDO="*MAROC ANNULATION FIBRE INTERNET" OR LibEDO="*MAROC CTC ET PROSPECT" OR LibEDO="*MAROC CTC HOME" OR LibEDO="*MAROC HORS-PROD" OR LibEDO="*MAROC N1 ACH" OR LibEDO="*MAROC N2 ACH GESTION" OR LibEDO="*MAROC N2 ACH RECLAMATION" OR LibEDO="*MAROC N2 ACH RECOUVREMENT" OR LibEDO="*MAROC RECOUVREMENT SOSH" OR LibEDO="*MAROC GESTION MS") ((lib_origine="Appel Reco" OR "Appel Sortant" OR "BO Récla Recouv" OR "Correspondance Entrante" OR "Correspondance Sortante" OR "Courrier Ent Fidé" OR "Etask")
OR (lib_motif="Contact Flash" OR "Contact non tracé" OR "Traiter une demande en N2" OR "Verbatim urgent")
OR (lib_resultat="Client Pro" OR "Contact Flash" OR "Contact non tracé"))
AND (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01")
| stats sum(total) as "nb_tracages" by cuid lib_origine
| sort -nb_tracages
| head 5When I use another role, the first part of the search works, but not the second.
The search on : nom_prenom_manager="*" , ... doesn't give any results, whereas with the admin role, it does.
I can't modify the query because I don't have rights to it, but I have to play with the roles.
I'd like to point out that the manager_last_name field is obtained via an automatic lookup. But there's no problem with specific rights for the admin role.
I've tried everything, but I can't find a solution, please have an idea.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kprior201
Path Finder
04-30-2024
05:57 AM
Is there a chance that a field parsing listed in the second half of the search is not shared within the app/globally? That is the first thing that I would check - make sure all of the variables listed are shared and that the non-admin role has access to the app in which they are shared.
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
Announcing Modern Navigation: A New Era of Splunk User Experience
We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...
