Splunk Search

Client is not authorized to perform requested action: search/jobs

ortega
Engager

The user can search normally but cannot search real-time. It gets the following message:

[HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/splunkuser/search/search/jobs

Thank you,

Tags (3)
1 Solution

Rob
Splunk Employee
Splunk Employee

You may wish to make sure the user has the correct capabilities for the role that they are using.

The following answer post also mentions the same error that you are seeing:

http://splunk-base.splunk.com/answers/6547/authorization-failed-http-403-client-is-not-authorized-to...

In all likelihood, the user does not have the capability to run a real time search.

View solution in original post

ebdavis
New Member

We are having a similar issue, except we do not want our users to be able to search in real time. Some of our users are receiving the not authorized error while searching in the past 24 hours , etc. All users are allowed to search at least up to 7 days of history. Any ideas here? Thank you.

0 Karma

Rob
Splunk Employee
Splunk Employee

You may wish to make sure the user has the correct capabilities for the role that they are using.

The following answer post also mentions the same error that you are seeing:

http://splunk-base.splunk.com/answers/6547/authorization-failed-http-403-client-is-not-authorized-to...

In all likelihood, the user does not have the capability to run a real time search.

ortega
Engager

Thanks for the pointer. I had already tried it but the capability that was missing was one that is there for the power user. Anyway you got me thinking and trying to determine why some users could do it and some could not. Those that could were power users. The capability to select/allow is "rtsearch".

Rob
Splunk Employee
Splunk Employee

Is the user an admin user or a user without permissions to run real time searches?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...