Solved: Search Command "file"

jcisha · ‎01-15-2013

URL : http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/SearchCheatsheet

URL in the

Display events from the file "messages.1" as if the events were indexed in Splunk.
"| File / var/log/messages.1"

Were tested with the contents of the manual
However, it does not work properly.

Search Command "file" Command does not use you asking?

Suda · ‎01-15-2013

Hello,

You may need to add the "use_file_operator" capability into your role in order to use the "file" search command.

If my role doesn't have this capability, Splunk reports the error message; "You have insufficient privileges to perform this operation."
And the default admin role doesn't have it. So, you need to add it.

Thanks.

View solution in original post

Suda · ‎01-15-2013

Hello,

You may need to add the "use_file_operator" capability into your role in order to use the "file" search command.

If my role doesn't have this capability, Splunk reports the error message; "You have insufficient privileges to perform this operation."
And the default admin role doesn't have it. So, you need to add it.

Thanks.

jcisha · ‎01-16-2013

Thank you.
Did not set the roles(use_file_operator).

Search Command "file"

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life