-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
saved_searches only works for new resource creation #127
Comments
We have a similar issue related to permissions. The changes are applied only if the Splunk user has the "admin_all_objects" capability. |
We're observing the same with I've tried @yuriyonamine's suggestion to add I'm using I see the following in the tf log which indicates the update maybe getting rejected. -
|
We were running into this exact same issue. Our Terraform CI/CD pipelines could create and destroy splunk alerts/dashboards but not update them. I logged into the Splunk Cloud web UI with the same credentials as the pipeline and was able to update the alerts, which seemed to indicate that it was only an issue with the Terraform provider. In the Splunk Terraform provider versions up to 1.4.19, the pipeline would act like it applied the changes. Starting in 1.4.20+, it threw this error:
Through trial and error, I determined that the Splunk TF provider requires the Here is the full list of capabilities that we now use for our Terraform Splunk role:
|
terraform version: 0.15.0
provider version: 1.4.13
we are using terraform to create alert in Splunk cloud, and
https://registry.terraform.io/providers/splunk/splunk/latest/docs/resources/saved_searches this resource only works to create new alerts, when changing existing ones, it didn't work.
the video replay would be here https://drive.google.com/file/d/1Qb0bW6pSZT5FmFe_dNdpO9TIarSthUO5/view?usp=sharing
The text was updated successfully, but these errors were encountered: