Security

Role capabilities required to add a new search peer

pbunce1
Explorer

I currently have Admin level access on my own Splunk instance and want to add a new search peer (another Splunk isntance) - the user account I have access to on the other search peer is default user acccess and am able to run searches etc.)

When trying to add the new seach peer I get this error:
Encountered the following error while trying to save: In handler 'distsearch-peer': Status 403 while sending public key to search peer https://MYSERVERXXX.com:8089: In handler 'certificates': You do not have permission to perform this operation (requires capability: edit_user).

I assume this relates to access issues on the external splunk instance (given that I have admin access on my own) - is it correct to require raised privs incuding edit_user on the external splunk instance just so that I can add it as a new search peer on my own instance?

Thanks

Phil

Tags (1)
1 Solution

dart
Splunk Employee
Splunk Employee

Essentially adding a search peer is setting up a trust between the search head and the peer, so you need permission to be able to do that.

View solution in original post

0 Karma

dart
Splunk Employee
Splunk Employee

Essentially adding a search peer is setting up a trust between the search head and the peer, so you need permission to be able to do that.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...