The version i tested is splunk 4.1, and the root_endpoint is set to /splunk.
I cloned an application mysearch from search, and set session timeout to 24 hours. Then i created two dashboards dashboard1 (default view of mysearch) and dashboard2.
Because there is no login page in free license, so first time i view ｈｔｔｐ://myip/splunk/en-US/app/mysearch, the browser will be redirected to ｈｔｔｐ://myip/splunk/en-US/app/search/dashboard. Next, i relocated to ｈｔｔｐ://myip/splunk/en-US/app/mysearch, the browser was redirected to the default view ｈｔｔｐ://myip/splunk/en-US/app/mysearch/dashboard1. Next, when i drilled down from dashboard1 or changed menu to dashboard2 or other operations, i aperiodically got "401 Unauthorized" errors and was kicked back to ｈｔｔｐ://myip/splunk/en-US/app/search/dashboard many times.
From firebug, i got the following 2 kinds of responses for "401 unauthorized":
1) Splunk cannot authenticate the request. CSRF validation failed.
2) No permission -- see authorization schemes
when i requested the following addresses
I think we should login as user "admin" in default and have all permissions in free splunk. And i got nothing about "CSRF validation failed" and "authorization schemes" in this forum and from google. Can anyone give me some suggestions about this?
Thanks & Best Regards.
my non-answer suggestions, hopefully someone else will know more:
Yes. This happens constantly on certain systems, on 4.1.5 as well as the new 4.2 beta. It happens to me every 5 minutes or so. I've been reporting it pretty regularly for months but I havent heard any updates. I'm still not sure what combination of factors is present to make it easier to reproduce but on some browsers/networks/splunkInstances it's REALLY easy to reproduce and on a lot of systems it's impossible.
I've debugged and troubleshooted it quite thoroughly. Here are some answers posts from other people suffering from the bug.