Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

AuthStorageManagerConf [65709 SavedSearchHistoryThread] - Config entry not found.

sgabriel1962
Explorer
‎03-18-2026 02:56 PM

AuthStorageManagerConf [65709 SavedSearchHistoryThread] - Config entry not found.   key=oauth2_external_app_client_*, operation=GET  is constantly showing up in my splunkd.log.   * is replacable by any end user name - 

Not sure where it came from and how do I get rid of it

 

Labels (1)
Labels
0 Karma
Reply

cswanson-vt
Engager
‎03-25-2026 01:58 PM

Did you recently upgrade to Splunk 10.2? I did so this morning and have been getting these errors as well:

Config entry not found. key=client_<username>, operation=GET
Config entry not found. key=oauth2_external_app_client_<username>, operation=GET

I was able to stop the warning related to oauth2 by setting the following stanza and parameter in limits.conf:

[auth]

enable_oauth2_for_applications = false

This appears to be a new setting for 10.2 that defaults to true, as I understand it from the limits.conf spec. I am still seeing the top line warning above, so if anyone else has suggestions to fix that as well I'm all ears. I'm assuming it must be similar/related to the second message but I am still troubleshooting.

Cheers,

Chris

Reply

lmaclean
Path Finder
‎04-09-2026 09:37 PM

This worked as you say for the second message, but also unable to pinpoint exactly where the first one comes into play, other than getting some more details.

And even setting the server logging via the GUI for "AuthStorageManagerConf" to DEBUG does not do anything to increase the logging to try and figure out where it is coming from at all...

I would also note that "AuthStorageManagerConf" does not appear as a category in "$SPLUNK_HOME/etc/log.cfg".

Finding another channel that has a similar name of "AuthStorageManagerWithCache" and setting it to DEBUG as well from WARN now getting some more details alongside the other...

DEBUG AuthStorageManagerWithCache [123456 TcpChannelThread] - Backend operation get() failed in component=AuthStorageManagerWithCache. Error=Config entry not found. key=client_<username>, operation=GET

 Maybe the AuthStorageManagerConf message is also meant to be on log level DEBUG until they implement whatever new feature, they are trying?

So, temporary you could change the default value of "AuthStorageManagerConf" from WARN to ERROR to prevent the logs, seeing as I have not seen a single log on this channel other than this one pop-up, until the next release. Or raise a support case and see if you get a response 🙂 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...