Skip to content

create-read-write

Estimated time to read: 2 minutes

Experimental-feature notice

This page discusses experimental features. Experimental features are still in progress, and you may encounter bugs or unexpected behavior when using them.

If you experience an issue or want to know more about this feature's status, reach out to us at Era Software.

Acquisition notice

In October 2022, ServiceNow acquired Era Software. The documentation on this site is no longer maintained and is intended for existing Era Software users only.

To get the latest information about ServiceNow's observability solutions, visit their website and documentation.

This command creates a read/write index-level role and then generates an API key for it.

Warning

This command requires the security database permission.

usage: eractl rbac create-read-write [-h] [--url URL] [--key KEY] [-i INDEXES] [-o OUTPUT_FILE] [-r ROLE_NAME] [--no-key]

optional arguments:
  -h, --help            show this help message and exit
  --url URL             EraSearch URL, set via environment with ERACTL_URL (default: http://localhost:9200)
  --key KEY             EraSearch API key, set via environment with ERACTL_API_KEY (default: None)
  -i INDEXES, --indexes INDEXES
                        Comma-delimited list of indexes to restrict key access to, defaults to '*' (all indexes) (default: *)
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        File path to store key output (default: None)
  -r ROLE_NAME, --role-name ROLE_NAME
                        Name to use for role (default: None)
  --no-key              Skip generating API key following role creation (default: False)

To run:

eractl rbac create-read-write --url https://erasearch.example.com --key ******

Or to pass arguments from the environment:

export ERACTL_URL="https://erasearch.example.com"
export ERACTL_API_KEY="******"
eractl rbac create-read-write

When run, this command will:

  • Create a new role with an auto-generated name (override with -n) and read-write access to the specified indices
  • If --no-key is not specified, an API key for the previously-created role will be created
  • If -o option is specified, the key data will be persisted to the provided path. Otherwise the key data will be written to a file in the current working directory.

Examples

To create a read-write role called era-log-manager with access to the index pattern era_logs-{YYYY-MM-DD}, use:

eractl rbac create-read-write -r 'era-log-manager' -i 'era_logs-*'

If -n is not specified, a role name will be auto-generated.

To create a read-write role with access to the cloud-app-logs-{YYYY-MM-DD} and kubernetes-logs-{YYYY-MM-DD} indices, use:

eractl rbac create-read-write -i 'cloud-app-logs-*,kubernetes-logs-*'
Last update: August 7, 2023