This is a new install. I am trying to add new data and getting an error message:
"You do not have the capability to add data. Please contact your administrator"
This was installed from my Unix team, under the root user. I am assigned another account with full rights on the server.
Is there something that I am missing to be able to get this to work?
Hi jclark4, you'll need to make sure that you have administrative capabilities in the context of the Splunk instance you are trying to modify. Check out the admin manual for more info on this. Essentially, you'll want to make sure that your Splunk account is in the admin role. http://docs.splunk.com/Documentation/Splunk/6.0.2/Admin/Aboutusersandroles
Otherwise, you can directly edit the filesystem, modifying inputs.conf as desired to setup file monitor, scripted inputs or whatever config you want to get the data in.
Please let me know if this helps!
splunk btool authorize list to check that the role you have still has the capabilities associated with adding data (edit_input_defaults, edit_monitor, indexes_edit, list_inputs, etc) Perhaps someone messed around with the capabilities given to default roles.