Currently, when any of my users create a saved search, they are private.
How can I alter that to be public?
Also, is there a way to restrict which users have default public and which ones have default private? (e.g. I want admins' searches to be public, but I want regular users' searches to be saved as private)
To make public go to:
Manager » Searches and reports » testing » Permissions
and change it so that it is available for ALL APPS and check Everyone READ (and/or write if that is what you wish).
As far as i know there is no way to make the default be public. I think they are always private by default.
I asked a similar intention, but never got an answer. http://answers.splunk.com/questions/4198/. This would be nice feature request. I do have feature request (case 43343) asking for an intermediate step: Give the user the ability to set the permissions when creating a saved search, or at least give them a link to set the permissions immediately after saving, that would be a big improvement I think.
In Splunk 4.2, the Saved Search dialog answers your wishes.
You can specify either:
As far as I know, no. The Saved Search dialog, has two radio buttons, as I describe above, and it defaults to private.
It would be really useful to be able to set the default permissions (Private/App/All and Everyone Read/Write as examples). This would make creating Dashboards with saved searches a lot less error prone. It is frustrating when someone creates a search that shows up on a dashboard and has not remembered the manual step to make it visible to all.