Alerting

Role Capabilities for splunkd-log

eekanem
New Member

Hi, what is the minimum capability without admin_for_all for a non-admin user to access splunkd-log object?

0 Karma

rupkumar4sec
Path Finder

I am not sure what you mean by splunkd-log object but if you are trying to access splunkd internal logs, you just need to add  those internal indexes or "_*"  to srchIndexesAllowed . 

0 Karma

eekanem
New Member

That does not seem to be enough for me. I noticed that with the power user I could access the splunk internal logs so I added the capabilities to my role but it still does not work.

0 Karma
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...