Where do I find the settings to allow a user to have permission to "spawn" real-time searches?
EDIT:
What settings do I need to change. Can't see any specific "Allow real-time searches"...
as an admin in the manager > access control > roles
thanks for the last part Drainy.
Ah yes I see it now.
Manager > Access Controls > Roles > role > Capabilities > Select rtsearch
you need them to have the rtsearch capability. Have a read of http://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities
I got that far. What setting do I need to change?