Share a Tip
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Error Forbidden in Splunk Security Essentails Baseline Search

Mt4real
New Member
‎03-13-2026 05:54 AM

Hello everyone, I am using Splunk Developer Edition . I did  contents mapping for the first time in Splunk Security Essentials and implemented those contents successfully. But when I was trying to run a baseline search for those contents in the Data Availability page, there was an error forbidden. I tried to resolve the problem but everything proves abortive.

My Question

Does Splunk allow to run a baseline search when using Splunk Developer Edition, If so, While I keep getting error forbidden. 

Below are screenshots I attached

Baseline_search_page.pngSSE_Manage_Bookmark.png

 

Splunk Security Essentials 

0 Karma
Reply

faustja
Observer
a month ago

Did you find a fix? I am running into the same issue and I'm logged in as admin.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎03-14-2026 02:23 AM
Developer license is (almost) full license and it allow you to do searches, user authentication etc. Only think when e.g. searches are disabled is that you overdrive you ingestion amount too many times (depending on dev licenses it's 10 or 50GB/d and 4 overdrive is allowed within 30d).

What you actually mean "run a baseline search"?
0 Karma
Reply

Mt4real
New Member
‎03-14-2026 09:17 AM

This is the Baseline Search I am talking about

Screenshot 2026-03-14 170616.png

On clicking 'Run Baseline Search' Automatically all settings for contents already implemented supposed to run but all i see is this:

Baseline_search_page.png

As you can see in the photo above 'Action forbidden'

How can I resolve the error

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...