Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Fix Error while deleting an alert?

rahul2gupta
Path Finder
‎11-16-2020 07:24 PM

Hi  ,

I'm trying to disable an alert but while doing so I'm getting an error. can you please help in this.

rahul2gupta_0-1605583223703.png

 

Please note that I am not the owner of this alert. Is it possible that because of this I'm unable to disable it?

rahul2gupta_1-1605583359737.png

 

Could not find object id=WMS WK: Auto Wave Status Has Changed

rahul2gupta_2-1605583407670.png

Regards,

Rahul

 

Tags (1)
0 Karma
Reply

rahul2gupta
Path Finder
‎11-20-2020 03:49 AM

Thank you @gcusello .

we have logged a case with the splunk support.

Regards,

Rahul

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-16-2020 11:32 PM

Hi @rahul2gupta,

you can disable an alert if you are the owner or an administrator.

Ciao.

Giuseppe

0 Karma
Reply

rahul2gupta
Path Finder
‎11-17-2020 10:14 PM

Hi @gcusello ,

I'm an admin but still unable to disable the alert.

Regards,

Rahul

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-18-2020 04:32 AM

Hi @rahul2gupta,

can you see this alert in alerts' list?

maybe it's a private alert not shared.

Ciao.

Giuseppe

0 Karma
Reply

iamsahil
Engager
‎02-19-2023 11:21 PM

what if it is private?

0 Karma
Reply

rahul2gupta
Path Finder
‎11-19-2020 09:16 PM

Hi @gcusello ,

Yes, I can see this alert in the alert list.

Auto_alert.PNG

But while Disabling owner is also getting error same as me.

disable_error.PNG

When I click on the alert I get the following pop up message.

popup.PNG

Please help.

Regards,

Rahul

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-19-2020 11:24 PM

Hi @rahul2gupta,

probably the problem is that the alert is in system instead in an app.

So you could try to delete the alert in $SPLUNK_HOME/etc/system/local/savedsearches.conf 8and restart Splunk.

Otherwise, open a Case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...