Security

db_connect v3 cannot delete inputs when using SAML

duneclarke2
Explorer

WARN UserManagerPro - AQR not supported and user=username@domain.com information not found in cache or 404 User not found

C:\Program Files\Splunk\etc\apps\splunk_app_db_connect\metadata\local.meta
 
When trying to delete inputs created in dbconnect, splunk was not able to authenticate the user via our IDP. To workaround this, edit local.meta, find the input to be deleted and change the owner =  username@domain.com  to owner = nobody. 
 
Restart the splunkd service. 

 

 

 

Labels (1)
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!