I am not sure what you mean by splunkd-log object but if you are trying to access splunkd internal logs, you just need to add those internal indexes or "_*" to srchIndexesAllowed .
That does not seem to be enough for me. I noticed that with the power user I could access the splunk internal logs so I added the capabilities to my role but it still does not work.
.conf21 Now Fully Virtual!
Register for FREE Today!
We've made .conf21 totally virtual
and totally FREE! Our completely
online experience will run from 10/19
through 10/20 with some additional
events, too!
