Hi there, we're seeing messages like the one below in splunkd.log on our search head (hostname TTNET-CH-SPSCH-1). We have about 50 users in our Splunk environment that authenticate via LDAP, and we seem to get a message like the one below every few minutes or so. This seems to happen for pretty much every user we have and across all kinds of searches.

Any idea what's going on here? The impact seems fairly minimal, eg. we just won't have a complete search history stored in Splunk? Still, any information you could provide would be useful. I have turned up debug logging on the DispatchSearch component but nothing is jumping out at me.

Let me know if you need anything else from me. An example snippet is below. Thanks for the help!

10-24-2013 06:56:13.661 -0500 ERROR SearchResults - Failed to remove "/opt/splunk/etc/users/<some_user>/search/history/TTNET-CH-SPSCH-1.ttnet.local.csv.tmp": No such file or directory
10-24-2013 06:56:13.663 -0500 WARN  DispatchSearch - Unable to save search history for user=<some_user>, app=search, sid=1382615771.5102, search='<some_search_here>'