I'm trying to script something out to create an event type and then set the permissions on it. I've got the creation down just fine:
curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes -d name=SA-1234 -d search='"host=web01*"' -d tags=alert-shop
However, I'm unable to set the permissions using the above URI. Scouring through the documentation, it seems I need to slap the acl of the object via:
curl -s -k -H "Authorization: Splunk <authstring>" https://splunksearch:8089/servicesNS/nobody/search/saved/eventtypes/SA-1234/acl -d perms.read=* -d perms.write=admin,power -d sharing=app
However, the API returns the following:
<msg type="ERROR">In handler 'eventtypes': Argument "perms.read" is not supported by this handler.</msg>
If I remove perms.read it will just complain about another (e.g. sharing=app). How do I properly set the permissions via the API in Splunk 4.3.2?
Never mind... I'm a moron.
You do slap the /acl handler. I had a problem with one of my variables.