Splunk Search

What does it mean? user=tommyjones is not allowed to run historical scheduled search, skipping savedsearch_id="tommyjones;…"


I'm seeing this in the scheduler log and would like to know what it means and what causes it. This user can certainly run scheduled searches, so confused about this.

0 Karma

Path Finder

add schedule_search=enable in your authorize.conf under the role your id belong to and restart the server. It should work.

Revered Legend

Ensure that the User (or the role assigned to user) has capability 'schedule_search'. Or verify access permission on the schedule search which is failing.

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>