Re: What else can you do with 'edit_scripted' capa...

robertlight · ‎10-07-2015

I have found that the capability 'edit_scripted' is required in order to use "runshellscript"

This apparently is undocumented.

What else can I do with "edit_scripted"???

robertlight · ‎10-14-2015

perhaps some capabilities are super-sets of edit_scripted? ie: if you have capability "X" then you don't need "edit_scripted".

I really wish someone who has access to the splunk code would weigh in here!

martin_mueller · ‎10-07-2015

According to the authorize.conf docs, edit_scripted lets you edit scripted inputs.

runshellscript as a search command is not supported: http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchReference/Runshellscript

robertlight · ‎10-13-2015

I constructed a role with very few capabilities and could not use runshellscript nor have one of my alerts call a shell script. I added 'edit_scripted' to my pared down role and voila everything started working.

Therefore, I'm guessing that it is a needed capability.

I would love it if someone from Splunk could actually consult the code to answer this question.

Yasaswy · ‎10-07-2015

Hi... I am not sure if this is true for all. I have been running scripts successfully on v6.2.4 with a generic role without "edit_scripted" capability.

What else can you do with 'edit_scripted' capability??

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel