minimum permissions required for using http simple receiver

monzy
Communicator

What are the minimum permissions required to add data to Splunk using the HTTP simple receiver? http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#receivers.2Fsimple

The example shows the admin user. I created a test user with a role of user and then changed the role to power user, but both return insufficient permissions.

I messed around with a custom user role, adding/removing capabilities, but couldn't arrive at the right permission. Is there a way to create a user not in the admin role with some minimum set of permissions to add data via the simple HTTP receiver?

My test attempt is below:

curl -k -u test:test "https://localhost:8089/services/receivers/simple?source=www&sourcetype=web_event" -d "Sun Jul 10 15:56:02 PDT 2011 User vishalp logged in successfully."
<?xml version="1.0" encoding="UTF-8"?>


insufficient permission to access this resource

1 Solution

Neeraj_Luthra
Splunk Employee

It seems you will need the "edit_tcp" capability to be able to use this endpoint.

kevinanderson
New Member

I downvoted this post because it is a vague answer.

0 Karma

Anam
Community Manager

Hi kevinanderson

Downvoting should only be reserved for suggestions/solutions that could be potentially harmful to a Splunk environment or go completely against known best practices. This answer seemed to work for the user who asked the question, as it is an accepted answer. Simply commenting with constructive feedback on the post you are concerned with will be more beneficial for the community to learn from.

Some of the most active members in Answers have helped set the standard of how voting etiquette should work in the Splunk community, which sets our culture apart from other Q&A forums. Upvote early and often to give credit where it’s due for high-quality posts, comment where you think feedback needs to be given, and only downvote if something potentially dangerous is suggested. If you’re interested in seeing how this voting etiquette was developed, check out this Splunk Answers post: https://answers.splunk.com/answers/244111/proper-etiquette-and-timing-for-voting-here-on-ans.html

0 Karma

martin_mueller
SplunkTrust

See docs for more info: http://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/authorizeconf#.5Bcapability::edit_tcp.5D

Additionally, five years later I'd recommend using the HTTP Event Collector instead of mulling over old, more basic features.

0 Karma

helge
Builder

Confirmed!

0 Karma

monzy
Communicator

Thanks Neeraj. Verified. edit_tcp is the way to rest 🙂

0 Karma
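
An added example, not part of the original thread and not Splunk's own configuration: a dedicated authorize.conf role for an account that only posts to /services/receivers/simple, built on the edit_tcp capability named in the accepted answer. The role name receiver_submit is hypothetical, and it is an assumption that no inherited role is needed alongside edit_tcp; the thread only confirms that edit_tcp was the missing capability.

```ini
# authorize.conf, e.g. $SPLUNK_HOME/etc/system/local/authorize.conf
# Constructed example: the role name "receiver_submit" is hypothetical.

# Dedicated role for accounts that only submit events to
# /services/receivers/simple. No importRoles line is set, so the role
# does not inherit the search and other capabilities carried by the
# built-in "user" or "power" roles.
[role_receiver_submit]
# Capability the accepted answer names as required for this endpoint.
edit_tcp = enabled
```

Assign the submitting account to this role only, then repeat the curl test from the question. The authorize.conf documentation linked in the thread describes edit_tcp as covering changes to general TCP input settings, so treat the account as more than write-only.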