Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

No search history on MacOSX

BDein
Explorer
‎12-27-2021 01:12 PM

Hi Everyone,

I'm running Splunk Enterprise 8.2.2.1 on my MacOS (Big Sur), and it runs quite well, except that there is no search history available using a user id with admin role.

But from the CLI in: etc/users/bd/search/history

There is actually a file called <hostname>.idx.csv which holds all my history.

1. Can anyone please explain what's going on here?

PS. I have 5 instances running on my Mac (A combined SH/IDX, DPL, HFWD, and 2 UF's), and it all works nice together. The difference is that I have an internal created user on the SH (the one with no history above), but on IE the HFWD I use the user "splunk" (this user also runs all the instances on OS level) to log in with, and here history work just fine.

2. There is gotta be a missing link, but which?

Cheers,

Bjarne

Labels (1)
Labels
Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎12-28-2021 01:43 AM

Hi

this is quite interesting and seems to be some kind of bug?

I just tested with macOS 11.6.2, Safari Version 15.2 (16612.3.6.1.8, 16612) and Splunk 8.2.4 (

87e2dda940d1 dmg version) with several accounts and it seems to work weird.

  1. separate aa_admin => didn't work
  2. aa_user => works
  3. admin => works
  4. again with aa_admin => works (but only from last SPLs on step 1, not all which I can see on history)

I propose that you should do a support case for this.

r. Ismo

View solution in original post

0 Karma
Reply
Solved! Jump to solution

BDein
Explorer
‎12-28-2021 01:49 AM

Hi @isoutamo ,

Thanks for your fast reply, it looks weird to me as well - so thanks for confirming.

/Bjarne

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎12-28-2021 01:43 AM

Hi

this is quite interesting and seems to be some kind of bug?

I just tested with macOS 11.6.2, Safari Version 15.2 (16612.3.6.1.8, 16612) and Splunk 8.2.4 (

87e2dda940d1 dmg version) with several accounts and it seems to work weird.

  1. separate aa_admin => didn't work
  2. aa_user => works
  3. admin => works
  4. again with aa_admin => works (but only from last SPLs on step 1, not all which I can see on history)

I propose that you should do a support case for this.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...