That issue is typically caused by the permissions defined on the Saved Search in question:
When the saved search is first created, the configuration is considered private and stored in the user’s directory. For it to be saved in the correct spot and made available to the Phantom app for Splunk for scheduling, the permissions of the saved search need to be modified as follows:
1. While in the context of the saved search's app, go to the Settings menu and select ‘Searches, reports, and alerts’.
2. Select the saved search that you want to make available to the Phantom app for Splunk for scheduling.
3. Under Actions, select ‘Edit’ and ‘Edit Permissions’.
4. Change ‘Display For’ to All apps, ‘Run As’ to User, set read/write permissions as appropriate, and click Save.
Upon clicking Save, you’ll be dropped back to the ‘Searches, Reports, and Alerts’ screen, where you should now see the Sharing column show ‘Global’ for your search. It will now be available to other apps.
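
To confirm the result of the steps above from the file system, the following added example (not part of the original answer, and not code from Splunk or the Phantom app) parses an app's `metadata/local.meta` and reports which saved searches are shared globally (`export = system`) and which roles may read or write them. The stanza names, owners and roles in the sample are constructed; a search that is still private lives under the user's directory and will not appear in the app's file at all.

```python
import re
from urllib.parse import unquote

# Constructed sample of $SPLUNK_HOME/etc/apps/<app>/metadata/local.meta
SAMPLE_META = """\
[savedsearches/Phantom%20Notable%20Forwarder]
access = read : [ * ], write : [ admin, power ]
export = system
owner = alice

[savedsearches/App%20Only%20Report]
access = read : [ * ], write : [ admin ]
export = none
owner = bob
"""

def parse_meta(text):
    """Return {stanza: {key: value}} for the contents of a .meta file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def sharing_report(text):
    """Map each saved search name to its sharing scope and role ACL."""
    report = {}
    for stanza, attrs in parse_meta(text).items():
        if not stanza.startswith("savedsearches/"):
            continue
        name = unquote(stanza.split("/", 1)[1])  # stanza names are URL-encoded
        acl = {}
        for m in re.finditer(r"(read|write)\s*:\s*\[([^\]]*)\]", attrs.get("access", "")):
            acl[m.group(1)] = [r.strip() for r in m.group(2).split(",") if r.strip()]
        report[name] = {
            "global": attrs.get("export") == "system",  # 'Global' in the Sharing column
            "read": acl.get("read", []),
            "write": acl.get("write", []),
        }
    return report

if __name__ == "__main__":
    for name, info in sharing_report(SAMPLE_META).items():
        print(name, info)
```

A globally shared search whose write list is broader than intended is worth tightening, since any role listed there can change what the scheduled search runs.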