Alerting

Why am I getting error "'savedsearch': Argument "auto_summarize" is not supported by this handler." and am unable to save an Alert

shimuls
Engager

Why am I getting error "'savedsearch': Argument "auto_summarize" is not supported by this handler." and am unable to save an alert?

1 Solution

sarnagar
Contributor

Hi @jkat54 ,

I just fixed it today by providing additional roles to the user account. Its working now. Thankyou for the help and support.

View solution in original post

0 Karma

sarnagar
Contributor

Hi @jkat54 ,

I just fixed it today by providing additional roles to the user account. Its working now. Thankyou for the help and support.

View solution in original post

0 Karma

hchinta
Explorer

Hi @sarnagar

Can you let us know which additional roles you added.

hchinta
Explorer

@ppablo_splunk - can you share the roles used to resolve the error.

0 Karma

ppablo
Community Manager
Community Manager

Hi hchinta

I'm an admin for the site, so I just converted the comment to an answer and accepted it.

@sarnagar Could you please follow up with the exact roles you added to the user account to resolve your issue? This will help other users in the forum have an option to test out for themselves. Thanks!

0 Karma

jkat54
SplunkTrust
SplunkTrust

Can you share the search as well?

0 Karma

jkat54
SplunkTrust
SplunkTrust

No, not yet. What version of Splunk and which options are you choosing when you save? I want to replicate the problem on my end.

0 Karma

sarnagar
Contributor

We are using 6.3.7 and I was trying to save it as a report.

0 Karma

jkat54
SplunkTrust
SplunkTrust

How are you "saving the search"? Via UI or API?

0 Karma

sarnagar
Contributor

@jkat54 ,

I'm saving via UI.
Did you get to figure the root cause for this?

0 Karma

rjthibod
Champion

Try running the btool command line utility to see if there are any configuration errors.

$SPLUNK_ROOT/bin/splunk btool check

sarnagar
Contributor

@rjthibod

I dont get any output for that command.

sh-4.1$ ./splunk btool check
sh-4.1$

0 Karma

jkat54
SplunkTrust
SplunkTrust

Check your savedsearches.conf file and see if you have other saved searches named the same as your alert you're trying but perhaps with different spacing. Also try just naming the alert differently.

0 Karma

sarnagar
Contributor

I'm getting same error although no duplicate name exists.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!