- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Can I give users the ability to create "Saved Sear...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can I give users the ability to create "Saved Searches" but not the ability to schedule?
From what I have found online, and looking in the Manager, it appears that I can only give users the ability to schedule a search.
http://www.splunk.com/base/Documentation/latest/admin/Addusersandassignroles
However, I do not want to give users the ability to schedule their searches, but I DO want to give them the ability to create a Saved Search.
Can this be done?
Thanks,
Sean
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sean,
By default users have the ability to create a saved search. This is not a capability you need to add. If you don't want them to schedule searches (also default behavior) make sure you don't set the "schedule_search" capability.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vsid maps to a viewstate.conf stanza. The error you are getting specifies that you have a savedsearch with a vsid that is not available in viewstates.conf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am not sure I understand what "vsid" does. Here is the user's savedsearches.conf
[VTS Connection]
dispatch.earliest_time = -60m@m
dispatch.latest_time = now
displayview = flashtimeline
request.ui_dispatch_view = flashtimeline
search = mcvts00#
vsid = gdxa8nfw
[VTS Connection Errors]
dispatch.earliest_time = 1286946000
dispatch.latest_time = 1287201600
displayview = report_builder_display
request.ui_dispatch_view = report_builder_display
search = vts error | timechart count
vsid = *:gfbm5aqs
I cloned the user having issues, and the cloned user has the exact same problem.
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried removing any references to vsid=gn0t66si in savedsearches.conf?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Every time basic users try to save a search, they get the following:
Encountered the following error while trying to save: In handler 'savedsearch': Cannot find viewstate with vsid="gn0t66si"
Name Alert - HH returnValTBWS
Search host=hhwas0* "returnValTBWS:false"
Description (optional)
Time rangeStart time (optional)
'-1d' is a day ago. '-45m' is 45 minutes ago.
Time specifiers: y, mon, d, h, m, s
Finish time (optional)
What else could be wrong? Why am I getting the errors above? My admin account has no problem saving exactly what is listed above.
Thanks,
Sean
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
