Alerting

How do I set permissions for 'View Results in Splunk' link in alert emails so users do not get "The view you requested could not be found"??

Engager

Splunk version 6.3.1

Scheduled search emails contain a link "View results in Splunk", but when our users (who actively use Splunk) click this link they get a message “The view you requested could not be found”. I can click the link and see the results, but I am a Splunk administrator. So this leads me to believe there is still a permissions issue residing somewhere.

The scheduled search is not privately owned, it is owned by the app and everyone has read permissions. I have tried this with two different scheduled searches and my users get the same message “The view you requested could not be found”. The results are not expired.

There is something simple I am overlooking and have run out of places to think to look.

Thanks

Contributor

Nothing worked. Can someone help me resolve the issue

0 Karma

SplunkTrust
SplunkTrust

@vijaysri You are responding to a question that is more than 2 years old so it's unlikely you'll get a response. You should post a new question explaining the problem you are having. Include a link to this question if you wish.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Splunk Employee
Splunk Employee

This is a known bug and fixed in 6.3.2. Try the latest release and see if that helps you.

0 Karma

Engager

None of these answers worked. All my users still get the error message stated in OP. I as the administrator do not have this issue when I click the link the results come up.

0 Karma

Motivator

Hi Cduryea,

You can set permissions on a per-object and per-app basis in Splunk Manager. Follow these instructions:

1. Click Settings in the top-level Splunk Enterprise menu.
2. In the Knowledge panel, select a category containing the object you want to edit permissions for. For example, to change permissions on a saved search, click Searches and reports. You can also select All configurations to access all the configurations in a given app.
3. Once you've found the object you want to set permissions for, click the permissions link next to the object.
4. Set permissions to read and/or write for all the roles listed.
5. Click Save.

Ref: http://docs.splunk.com/Documentation/Splunk/6.3.2/AdvancedDev/SetPermissions

Thanks,
V

SplunkTrust
SplunkTrust

Who is the owner (in Setting-> Search and Reports and alert -> owner field)? One option that you can try is to change it to No Owner.

0 Karma