We have the Splunk Add-on for Demisto setup in our environment. It works as long as the saved search being sent to Demisto is created or owned by admin or users who have the admin capability. It does not work for any other user.
I imagine its a permissions issue somewhere in the app, maybe the password? just not sure exactly where the permissions need to be updated.