- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Getting the following error in splunkd - Could...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Getting the following error in splunkd - Could not find user="system" with strategy="LDAP"
Hello community fellows,
I'm experiencing the following errors in splunkd from each of the shc members.
INFO AuthenticationManagerLDAP - Could not find user="system" with strategy="LDAP"
INFO AuthenticationManagerLDAP - Could not find user="system" with strategy="LDAP"
have checked using the following. no luck finding what is referencing system user.
find /opt/splunk/ -name *.meta -exec grep "owner = system" {} \; -print
find /opt/splunk -type f -exec grep -H 'owner = system' {} \;
find /opt/splunk -type f -exec grep -H 'user = system' {} \;
tried adding a local user, no further errors occur. can anyone suggest what may be referencing system user?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Engineering had confirmed this as a known issue and advised this will be addressed in next patch. Awaiting to find out which will be the next patch release.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah thanks ran into this after patching as well.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good to know that it is being addressed, thanks for the info.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have the same issue as well.
Has the patch been released? Is there a website from Splunk to track the patches?
Thanks,
Johan
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jamesbrock,
Did you check below splunk answer. There is lot of discussion and solution which might help you.
https://answers.splunk.com/answers/49525/splunkd-log-error-message.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @nikita_p,
Thanks for the reply, I did find that same post and ended up adding the user which quiets the log entries down.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can also change the log level to quiet it down
splunk set log-level AuthenticationManagerLDAP -level NOTICE
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm currently working on this same issue. Not able to find anything with the owner of system.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
