What default Splunk role can use the Log Event alert action?
What default Splunk role can use the Log Event alert action?
The default Splunk role 'Power' is capable of using the Log Event alert action. The Power role has the necessary permissions to utilize this feature, allowing for effective logging and alerting within the platform.
Correction answer is A, the answer C i provided earlier was for anoher question.
It's C
Correct answer is the Admin user. Power user needs the edit_tcp capability. See Fundamentals 3 slide 108.
A power user with edit_tcp capability can use the log event. The Admin role is required to edit/modify it.