Splunk Search

Client is not authorized to perform requested action: search/jobs

Engager

The user can search normally but cannot search real-time. It gets the following message:

[HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/splunkuser/search/search/jobs

Thank you,

Tags (3)
1 Solution

Splunk Employee
Splunk Employee

You may wish to make sure the user has the correct capabilities for the role that they are using.

The following answer post also mentions the same error that you are seeing:

http://splunk-base.splunk.com/answers/6547/authorization-failed-http-403-client-is-not-authorized-to...

In all likelihood, the user does not have the capability to run a real time search.

View solution in original post

New Member

We are having a similar issue, except we do not want our users to be able to search in real time. Some of our users are receiving the not authorized error while searching in the past 24 hours , etc. All users are allowed to search at least up to 7 days of history. Any ideas here? Thank you.

0 Karma

Splunk Employee
Splunk Employee

You may wish to make sure the user has the correct capabilities for the role that they are using.

The following answer post also mentions the same error that you are seeing:

http://splunk-base.splunk.com/answers/6547/authorization-failed-http-403-client-is-not-authorized-to...

In all likelihood, the user does not have the capability to run a real time search.

View solution in original post

Engager

Thanks for the pointer. I had already tried it but the capability that was missing was one that is there for the power user. Anyway you got me thinking and trying to determine why some users could do it and some could not. Those that could were power users. The capability to select/allow is "rtsearch".

Splunk Employee
Splunk Employee

Is the user an admin user or a user without permissions to run real time searches?

0 Karma