Hi,
has anyone seen the error message below?
ERROR AdminManager - Argument "actual_only" is not supported by this handler.
Any ideas what may cause this?
Cheers,
Andy
@kochera we solved this issue by enabling the permissions
list_accelerate_search
for the users generating some errors.
From what we could see, Splunk was trying to see if the search had summaries, but the user running the search did not have permission to check this.
Thanks to Maarten @mhoogcarspel_splunk from support for pointing in the right direction.
This worked - thx
Specifically, we found this in the audit log; you can check with this, in the timeframe of the error:
index=_audit action=accelerate_search
| stats values(info) values(action) BY user
Sometimes I see errors like this if Splunk was started/stopped by root, when it normally runs as a different user. Some of the files become owned by root and then odd things don't work. In Linux, there is a simple fix. Assuming that
Splunk is installed in /opt/splunk
Splunk should run as user splunkit
you are signed in as a user with sudo privileges
cd /opt
sudo chown -R splunkit splunk
Of course, the problem could be something entirely different...
I checked on that already. The permissions are ok.
We get the error on all SH-cluster members, although not equally spread.
What is the impact of this error on your system?
We don't know. It just generates a lot of error messages in the splunkd.log
We have the same issue since the upgrade to 6.6.4
Same error message.