
Could not update saved search permission

hochit
Path Finder

When I tried to change my saved search from private to shared, I got this error msg.

Splunk could not update permissions for resource saved/searches [{'text': 'Cannot overwrite existing app object', 'code': None, 'type': 'ERROR'}]

What's the best way to debug and fix this?


hochit
Path Finder

I got the solution myself; it was probably because of an integrity problem after I changed savedsearches.conf

Should check etc/apps/search/metadata/local.meta

Working now 🙂


chuckg
Engager

I ran into this error while trying to migrate a report from "Private" to "App"
(Search) visibility, allowing other users to access the report.

After validating the problem was not:

  • An existing report in Search application with the same name
  • The filesystem permissions were correct (i.e., files owned by the Splunk process)

--

In my case, the problem was that there was an old definition of a report with
the same name still referenced in the search application's local.meta that
was owned by another user, causing Splunk to think that I was trying to overwrite
another user's report. It was resolved by removing the bad definition from the
local.meta, refreshing the Splunk configuration, then going about the
permission modification as normal.

In the examples below, the example will use the following information:

  • Splunk application: Search
  • Report name: Example Report
  • Original report owner user: originee
  • New report owner creator/user: newbee

Before fixing the problem, you need to validate the report no longer exists
for the previous user:

$ cd $SPLUNK_HOME/etc
$ egrep -R "Example.*Report" *

# Example output
apps/search/metadata/local.meta:[savedsearches/Example%20Report]         <-- orphaned report meta
users/newbee/search/metadata/local.meta:[savedsearches/Example%20Report] <-- new report meta
users/newbee/search/local/savedsearches.conf:[Example Report]            <-- new report

If the saved search under the "Search" app is indeed orphaned, your output
should look very similar to the example above.

Now that you've identified the search as orphaned, we need to remove the
reference to it from the "Search" application metadata:

$ vim $SPLUNK_HOME/etc/apps/search/metadata/local.meta 

# Find the stanza and remove it:
[savedsearches/Example%20Report]
owner = originee                    <-- note it's owned by the original user
version = 6.0

Refresh the Splunk configuration by visiting the /debug/refresh endpoint on
your. Finally, modify the permissions on your report without an error.
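
A read-only version of the orphan check described in the post above, as an added example that is not part of the original thread and not Splunk tooling. The function names and the sample tree are constructed for illustration, and it assumes only spaces in the report name are encoded as %20 in the stanza header.

```shell
#!/usr/bin/env bash
# Added example: detect an app-level local.meta stanza for a saved search that
# has no matching savedsearches.conf definition in the same app (an orphan).
# Read-only: it never edits local.meta.

# Encode a report name as it appears in the post ("Example%20Report").
# Assumption: only spaces are encoded; other characters are not handled.
encode_name() { printf '%s' "$1" | sed 's/ /%20/g'; }

# Print the owner recorded for [savedsearches/<report>] in the app's local.meta.
meta_owner() {  # args: etc_dir app report
  local meta stanza
  meta="$1/apps/$2/metadata/local.meta"
  stanza="[savedsearches/$(encode_name "$3")]"
  [ -f "$meta" ] || return 1
  awk -v s="$stanza" '
    $0 == s            { hit = 1; next }
    /^\[/              { hit = 0 }
    hit && /^owner *=/ { sub(/^owner *= */, ""); print; found = 1; exit }
    END                { exit !found }' "$meta"
}

# Succeeds when the app has metadata for the report but no definition of it.
is_orphaned() {  # args: etc_dir app report
  local f
  meta_owner "$@" >/dev/null || return 1
  for f in "$1/apps/$2/local/savedsearches.conf" \
           "$1/apps/$2/default/savedsearches.conf"; do
    [ -f "$f" ] && grep -qxF "[$3]" "$f" && return 1
  done
  return 0
}

# Constructed sample tree mirroring the layout in the post (not real data).
make_sample_etc() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/apps/search/metadata" "$d/users/newbee/search/local"
  printf '[savedsearches/Example%%20Report]\nowner = originee\nversion = 6.0\n' \
    > "$d/apps/search/metadata/local.meta"
  printf '[Example Report]\nsearch = index=main\n' \
    > "$d/users/newbee/search/local/savedsearches.conf"
  printf '%s\n' "$d"
}
```

Against a real installation, pass `$SPLUNK_HOME/etc` as the first argument; a stanza reported as orphaned with an owner other than the current user matches the situation described in the post.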

