When I am logged into Splunk Enterprise Security 4.0 as a user with the "admin" role, "ess_analyst", or "ess_admin" (all three have been assigned the "edit_timeline" role via the ES 4.0 permissions management page):
• I cannot create a new investigation from the My Investigation tab. Error: “Timeline could not be saved”
• However, notes can be saved, edited and removed from “Create New Entry” (top right) within My Investigations, but will not add to a current investigation entry

When I log in using the built-in admin (default) I am able to create a new investigation from the My Investigation tab. I verified permissions and need help determining what is missing in rights/permissions/configuration. Everyone who logs in to the search head has the same error within Enterprise 4.0.

Log files:
The investigative_canvas_controller.log file in the _internal index has the following error:

2015-11-11 13:36:59,469 ERROR InvestigativeCanvas - action=create; status=500; success=False; canvas_id=; user=user.name; message="There was an issue attempting to create the canvas";

The splunkd.log in the _internal index has the following error:

11-11-2015 13:36:59.467 -0500 ERROR KVStorageProvider - An error occurred during the last operation ('insertData', domain: '8', code: '18'): A document was corrupt or contained invalid characters . or $