Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After deleting an old user, how to troubleshoot splunkd.log "ERROR UserManagerPro - Could not get info on non-existent user="oldemployee""?

jravida
Communicator
‎04-23-2015 11:14 AM

Hi folks,

Someone left my company, who had been experimenting with Splunk, so I went ahead and deleted their account. Now my splunkd.log is filling up with:

ERROR UserManagerPro - Could not get info on non-existent user="oldemployee"

Every 30 seconds it logs this.
I went ahead and tried this solution, and restarted Splunk, but they persist:
http://answers.splunk.com/answers/62380/splunk-searches-from-deleted-users.html

I also combed through saved searches, but I don't see anything that happens that frequently, and nothing is ascribed to the old user.

Is there any place I can look to sort this out?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

stephane_cyrill
Builder
‎04-23-2015 04:18 PM

HI, here is your solution

answers.splunk.com/answers/70946/how-does-splunk-manage-ldap-or-ad-user-created-objects-if-the-user-is-no-longer-active.html

If you see many errors about missing user in the
splunkd.log, this is because deleted LDAP users
still own objects in splunk, by example a
scheduled search.
and you should clean it
Delete the objects/profile or migrate them to
another user or an app. See answer at the link provided.

View solution in original post

Reply
Solved! Jump to solution
Solution

stephane_cyrill
Builder
‎04-23-2015 04:18 PM

HI, here is your solution

answers.splunk.com/answers/70946/how-does-splunk-manage-ldap-or-ad-user-created-objects-if-the-user-is-no-longer-active.html

If you see many errors about missing user in the
splunkd.log, this is because deleted LDAP users
still own objects in splunk, by example a
scheduled search.
and you should clean it
Delete the objects/profile or migrate them to
another user or an app. See answer at the link provided.

Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...