Hi all
I got some strange errors by trying to add more member nodes in our Search Head Cluster.
First of all, I could not add more members later on.
After reading the wiki Clean the Splunk instance and perfoming the following well explained steps, i got an error and the Search Head is now dead.
First I cleaned the Search head:
splunk stop
splunk clean all
splunk start
Then, trying again to add the member to the Search Head cluster, I got the following error:
/opt/splunk/bin/splunk init shcluster-config -auth admin:<password> -mgmt_uri https://shc1.logcentral.media.int:8089 -replication_port 8090 -replication_factor 3 -conf_deploy_fetch_url https://shcdep1.logcentral.media.int:8089 -secret <secret-pw> -shcluster_label Production_SHC
You (user=admin) do not have permission to perform this operation (requires capability: edit_search_head_clustering).
Do you have any idea what's wrong?
You (user=admin) do not have permission to perform this operation (requires capability: edit_search_head_clustering).
The error denotes that the user does not have the capability to perform the action. You can tweak the authorize.conf or from GUI, Access controls » Roles » *** and provide the access under Capabilities.
By default, an admin will have the privilege.