Advanced Edit Option not available for users other than Admin

New Member


I am the admin for a clustered Splunk environment, we are running Enterprise Splunk version 7.3.2. I have several different Apps that my customers use and access to each app is managed via Active directory groups and LDAP authentication. I am struggling with the settings for an alert in a particular app. I am trying to determine how I can make the "Advanced Edit" option available to all users who have access to this particular App.

I have ensured that all roles associated with the App have write permissions for the alert. The only way I can get the "Advanced Edit" option to display is to make an individual user the owner of the alert. When I make a user the owner of the alert, only the owner and admin can see the "Advanced Edit" option from the Searches, Reports, and Alerts UI screen. Am I missing a setting somewhere? Any help you provide is greatly appreciated!!alt text alt text

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...