Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we check App permission via Splunk logs

Naga
Engager
‎02-24-2021 04:31 AM

Here is the requirement:

I wanted to create a form with list of Apps in my Search head Dropdown. If the Developer choose any App from the list then it should show what level of permission (Read / Write) to whom in the dashboard. Is the App metadata writing this information anywhere in the logs. Or can we get this via REST API Search?

 

Sample Output

AppPermission
Dashboard ExamplesREAD - * ; WRITE - POWER
  

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎02-24-2021 05:20 AM

hi @Naga ,

Check this:

| rest /services/apps/local 
| rename "eai:acl.perms.read" AS read, "eai:acl.perms.write" AS write 
| fields title label version read write
| strcat "READ - " read "; WRITE - " write permissions

 

If this reply helps you, an upvote/like would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎02-24-2021 05:20 AM

hi @Naga ,

Check this:

| rest /services/apps/local 
| rename "eai:acl.perms.read" AS read, "eai:acl.perms.write" AS write 
| fields title label version read write
| strcat "READ - " read "; WRITE - " write permissions

 

If this reply helps you, an upvote/like would be appreciated.

Reply
Solved! Jump to solution

Naga
Engager
‎03-02-2021 07:16 AM

Thank you manjunath. It helped a lot. Can we get the same in internal logs? We have different search head and each set is owned by different teams like Team 1 Splunk Infra / Team 2 / Team 3. 

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...