Hi folks,
Someone left my company, who had been experimenting with Splunk, so I went ahead and deleted their account. Now my splunkd.log is filling up with:
ERROR UserManagerPro - Could not get info on non-existent user="oldemployee"
Every 30 seconds it logs this.
I went ahead and tried this solution, and restarted Splunk, but they persist:
http://answers.splunk.com/answers/62380/splunk-searches-from-deleted-users.html
I also combed through saved searches, but I don't see anything that happens that frequently, and nothing is ascribed to the old user.
Is there any place I can look to sort this out?
HI, here is your solution
answers.splunk.com/answers/70946/how-does-splunk-manage-ldap-or-ad-user-created-objects-if-the-user-is-no-longer-active.html
If you see many errors about missing user in the
splunkd.log, this is because deleted LDAP users
still own objects in splunk, by example a
scheduled search.
and you should clean it
Delete the objects/profile or migrate them to
another user or an app. See answer at the link provided.
HI, here is your solution
answers.splunk.com/answers/70946/how-does-splunk-manage-ldap-or-ad-user-created-objects-if-the-user-is-no-longer-active.html
If you see many errors about missing user in the
splunkd.log, this is because deleted LDAP users
still own objects in splunk, by example a
scheduled search.
and you should clean it
Delete the objects/profile or migrate them to
another user or an app. See answer at the link provided.