Has anyone gotten this working? We are receiving the following error when attempting to setup the Function1 add on: An error occurred updating credentials. Please ensure your user account has admin_all_objects and/or list_storage_passwords capabilities. ... View more

Has anyone gotten this Function1 app working? If so do you have any instructions? The README is pretty basic and we are running into an error when the add on loads in Splunk, We created a Slack Legacy API Token per the instructions and loaded it into the configuration. An error occurred updating credentials. Please ensure your user account has admin_all_objects and/or list_storage_passwords capabilities. ... View more

i have the same issue generating alerts from AWS Cloudtrail events using the Splunk App. I check for alerts every 5 minutes, and the shortest length to look back is 15 minutes since any shorter would miss critical events. I have gotten it down to just 1 duplicate alert. Where would I put the code in my search query (sample below)? aws-cloudtrail-sourcetype eventName=AuthorizeSecurityGroupEgress | dedup eventID | eval discovered_date=ceil(_time) * 1000 | fields eventID, eventTime, userIdentity.principalId, userIdentity.accessKeyId, discovered_date, eventSource, eventName, recipientAccountId, requestParameters.groupId ... View more