Splunk Search

why user with same role not able to see data

vikramyadav
Contributor

Hi Guys,

I have created a simple query with stats command and I'm able to see the required results.

If same search is ran by another user he is not able to see results but if that user removes commands from the search query he is able to see events.

I checked permission of that user and it have same roles which I have.

So I beleive it's not a permission issue.

Labels (2)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust
Can it be hat this error_id field is your own field extraction not shared within app or global level?

View solution in original post

isoutamo
SplunkTrust
SplunkTrust
Hi
can you post the query, description of environment (single node, shared environment etc.)?
r. Ismo
0 Karma

vikramyadav
Contributor

Hi @isoutamo,

It's a single node. Below is the search query which I'm using.

index=abc host=xyz "Error executed unexpected" | stats count(error_id) as error

If user is running whole seach query he is not able to see results where as if user is not using command he is able to see events.

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Can it be hat this error_id field is your own field extraction not shared within app or global level?

vikramyadav
Contributor

thanks, @isoutamo  that worked.

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...