Security

Role capabilities required to add a new search peer

pbunce1
Explorer

I currently have Admin level access on my own Splunk instance and want to add a new search peer (another Splunk isntance) - the user account I have access to on the other search peer is default user acccess and am able to run searches etc.)

When trying to add the new seach peer I get this error:
Encountered the following error while trying to save: In handler 'distsearch-peer': Status 403 while sending public key to search peer https://MYSERVERXXX.com:8089: In handler 'certificates': You do not have permission to perform this operation (requires capability: edit_user).

I assume this relates to access issues on the external splunk instance (given that I have admin access on my own) - is it correct to require raised privs incuding edit_user on the external splunk instance just so that I can add it as a new search peer on my own instance?

Thanks

Phil

Tags (1)
1 Solution

dart
Splunk Employee
Splunk Employee

Essentially adding a search peer is setting up a trust between the search head and the peer, so you need permission to be able to do that.

View solution in original post

0 Karma

dart
Splunk Employee
Splunk Employee

Essentially adding a search peer is setting up a trust between the search head and the peer, so you need permission to be able to do that.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...