Splunk Search

Client is not authorized to perform requested action: search/jobs

ortega
Engager

The user can search normally but cannot search real-time. It gets the following message:

[HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/splunkuser/search/search/jobs

Thank you,

Tags (3)
1 Solution

Rob
Splunk Employee
Splunk Employee

You may wish to make sure the user has the correct capabilities for the role that they are using.

The following answer post also mentions the same error that you are seeing:

http://splunk-base.splunk.com/answers/6547/authorization-failed-http-403-client-is-not-authorized-to...

In all likelihood, the user does not have the capability to run a real time search.

View solution in original post

ebdavis
New Member

We are having a similar issue, except we do not want our users to be able to search in real time. Some of our users are receiving the not authorized error while searching in the past 24 hours , etc. All users are allowed to search at least up to 7 days of history. Any ideas here? Thank you.

0 Karma

Rob
Splunk Employee
Splunk Employee

You may wish to make sure the user has the correct capabilities for the role that they are using.

The following answer post also mentions the same error that you are seeing:

http://splunk-base.splunk.com/answers/6547/authorization-failed-http-403-client-is-not-authorized-to...

In all likelihood, the user does not have the capability to run a real time search.

ortega
Engager

Thanks for the pointer. I had already tried it but the capability that was missing was one that is there for the power user. Anyway you got me thinking and trying to determine why some users could do it and some could not. Those that could were power users. The capability to select/allow is "rtsearch".

Rob
Splunk Employee
Splunk Employee

Is the user an admin user or a user without permissions to run real time searches?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...