Hi, How could I add a new role via REST API ? When I try to send the following HTTP POST via Postman: URL: https://localhost:8089/services/authorization/roles?name=newrole Method: POST Authorization: Basic -credentials-, where -credentials- is the base64 encoding of ID and password joined by a colon. I got: Cannot perform action "POST" without a target name to act on. <?xml version="1.0" encoding="UTF-8"?> <response> <messages> <msg type="ERROR">Cannot perform action "POST" without a target name to act on.</msg> </messages> </response> What does target name refer to? And how could I set the value in order to get the HTTP POST request to work ? ... View more

Hi. I am trying to submit events, from a scripted input, with user 'nobody' I am getting this error: HTTP 403 Forbidden -- insufficient permission to access this resource In order to submit my events I did the following: Set tup my script in inputs.conf like this [script://$SPLUNK_HOME/etc/apps/my_app/bin/my_script.py] disabled = false index = my_index interval = * * * * * sourcetype = generic_single_line passAuth = nobody As explained in the documentation, http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf I am getting an auth token for my script. passAuth = <username> * User to run the script as. * If you provide a username, the instance generates an auth token for that user and passes it to the script via stdin. I am using the generated auth_token on my script like this. service = client.Service(token=auth_token, app='my_app') index = service.indexes["my_index"] index.submit("Test", sourcetype="my_sourcetype", host="my_host", source="my_source") I also tried: kwargs = {"owner":"nobody","app":"my_app","token":auth_token} service = client.connect(**kwargs) index = service.indexes["my_index"] index.submit("Test", sourcetype="my_sourcetype", host="my_host", source="my_source") None of them work, as soon as it reaches the line: index.submit(), it throws the HTTP 403 Forbidden error. If I change the 'nobody' user to any other user, even a user with USER role, it works well. But I am required to make my script work with the 'nobody' one. Any ideas on what I'm doing wrong ? ... View more

Hi, I can not get my App for AWS Billing (SplunkAppforAWSBilling v2.0.10) fetching data. I have downloaded and installed App for AWS Billing, setup the credentials on aws.yaml properly, and verified that System Group have Full Control Permissions to the whole $SPLUNK_HOME\etc\apps\SplunkAppforAWSBilling However, I still can not make my App to fetch data. I am not getting any error messages in $SPLUNK_HOME/var/log/splunk/SplunkAppforAWSBilling.log I am getting the following error messages in splunkd.log ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SplunkAppforAWSBilling\bin\FetchDetailedReport.py"" in "C:\Program Files\Splunk\etc\apps\SplunkAppforAWSBilling\local\aws.yaml", line 3, column 19 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SplunkAppforAWSBilling\bin\FetchDetailedReport.py"" yaml.scanner.ScannerError: mapping values are not allowed here ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SplunkAppforAWSBilling\bin\FetchDetailedReport.py"" self.get_mark()) ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SplunkAppforAWSBilling\bin\FetchDetailedReport.py"" File "C:\Program Files\Splunk\etc\apps\SplunkAppforAWSBilling\bin\yaml\scanner.py", line 580, in fetch_value ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SplunkAppforAWSBilling\bin\FetchDetailedReport.py"" return self.fetch_value() Well, here i got stuck. Any ideas ? ... View more