Splunk version 6.3.1
Scheduled search emails contain a link "View results in Splunk", but when our users (who actively use Splunk) click this link they get a message “The view you requested could not be found”. I can click the link and see the results, but I am a Splunk administrator. So this leads me to believe there is still a permissions issue residing somewhere.
The scheduled search is not privately owned, it is owned by the app and everyone has read permissions. I have tried this with two different scheduled searches and my users get the same message “The view you requested could not be found”. The results are not expired.
There is something simple I am overlooking and have run out of places to think to look.
@vijaysri You are responding to a question that is more than 2 years old so it's unlikely you'll get a response. You should post a new question explaining the problem you are having. Include a link to this question if you wish.
You can set permissions on a per-object and per-app basis in Splunk Manager. Follow these instructions:
1. Click Settings in the top-level Splunk Enterprise menu. 2. In the Knowledge panel, select a category containing the object you want to edit permissions for. For example, to change permissions on a saved search, click Searches and reports. You can also select All configurations to access all the configurations in a given app. 3. Once you've found the object you want to set permissions for, click the permissions link next to the object. 4. Set permissions to read and/or write for all the roles listed. 5. Click Save.