Share a Tip
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Error Forbidden in Splunk Security Essentails Baseline Search

Mt4real
New Member
‎03-13-2026 05:54 AM

Hello everyone, I am using Splunk Developer Edition . I did  contents mapping for the first time in Splunk Security Essentials and implemented those contents successfully. But when I was trying to run a baseline search for those contents in the Data Availability page, there was an error forbidden. I tried to resolve the problem but everything proves abortive.

My Question

Does Splunk allow to run a baseline search when using Splunk Developer Edition, If so, While I keep getting error forbidden. 

Below are screenshots I attached

Baseline_search_page.pngSSE_Manage_Bookmark.png

 

Splunk Security Essentials 

0 Karma
Reply

faustja
Observer
2 weeks ago

Did you find a fix? I am running into the same issue and I'm logged in as admin.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎03-14-2026 02:23 AM
Developer license is (almost) full license and it allow you to do searches, user authentication etc. Only think when e.g. searches are disabled is that you overdrive you ingestion amount too many times (depending on dev licenses it's 10 or 50GB/d and 4 overdrive is allowed within 30d).

What you actually mean "run a baseline search"?
0 Karma
Reply

Mt4real
New Member
‎03-14-2026 09:17 AM

This is the Baseline Search I am talking about

Screenshot 2026-03-14 170616.png

On clicking 'Run Baseline Search' Automatically all settings for contents already implemented supposed to run but all i see is this:

Baseline_search_page.png

As you can see in the photo above 'Action forbidden'

How can I resolve the error

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...