Yes, this happens constantly for me on Firefox on windows, on multiple splunk servers. It logs me out every 5 minutes or so depending somewhat on the system load. I reported it to support and the UI team a few weeks ago and I think they filed or reopened the relevant bug but I also think maybe they were waiting for someone else to report it as well.

Essentially how this goes (and I reported this in the bug too) is that on one of the slower HTTP requests, either the POST to dispatch or the POST to control, cherrypy will give back a 401. As far as I can tell from request headers there's no reason why cherrypy should give back a 401 but it does (header, session id everything seems to be passed totally correctly). This 401 trips the cross site request forgery logic in jquery_csrf_protection.js, which kicks you out to login.

You arent actually being logged out, it just kicks you to login. For instance if you use your back button you'll be back on the main page and you're still fine.

Long ago I just edited the source code to not redirect anymore so I could get some work done. (I made it broadcast a message instead so I could still see that it's happening constantly)

If you want to edit that line yourself, it's in $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/js/splunk.jquery.csrf_protection.js, around line 57. Comment out the line that starts with 'document.location'

Also, it's a bit harder to reproduce the bug on Google Chrome, and either much much harder or completely impossible to reproduce on Internet Explorer.

Any chance you have multiple tabs open to Splunk Web? This is a common cause of the symptoms you describe - one tab has an expired session, and causes odd behavior with the rest.

It was an erratic problem with Solaris in Splunk 4.1.3 and earlier, but should have been resolved as of 4.1.4. If it is still happening, please open a case with Splunk Support. You might reference bug SPL-24389.