Ok, here's what I did:
On the server, I gave full control of $Splunk_home to the Everyone user group. (Shotgun approach)
On the web interface, on the save screen for the field extraction, I clicked the All Apps button on the Permissions row, ( Owner had been selected by default). This showed a table of users with columns for name, read permissions, and write permissions. There was a line for the user group Everyone , I checked the Write Permissions box, and I was able to save.
I'm hesitant to advertise it because it's not practicing the tightest security and could use some fine tuning, but I'm on a private network so security is not a big concern for me at the moment, and it works (or seems to)
... View more