Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Receive 403 when trying to create a scheduled search/alert #165

Open
reachuttam opened this issue Jun 6, 2023 · 1 comment
Open

Receive 403 when trying to create a scheduled search/alert #165

reachuttam opened this issue Jun 6, 2023 · 1 comment

Comments

@reachuttam
Copy link

We use a Splunk restapi user that can authentocate to Splunk fine but receive a 403 when trying to create a scheduled search/alert.

Further research shows that the terraform user is hitting the rest endpoint of "GET /servicesNS/admin/launcher/saved/searches" for which it is not authorized. Only Splunk Admins can reach "GET /servicesNS/admin/launcher/saved/searches".

How can we switch the rest endpoint for terraform user to use "GET /servicesNS/user/launcher/saved/searches" instead of "GET /servicesNS/admin/launcher/saved/searches".

Thank you
@cbaxtersf
Copy link

@reachuttam try setting the acl object on the resource. Example would be:

 acl {
    owner   = "user"
    app     = "launcher"
  }

The above acl object would generate an address like: /servicesNS/user/launcher/saved/searches

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@reachuttam @cbaxtersf