Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unknown error message from Admin Manager

kochera
Communicator
‎11-10-2017 01:16 AM

Hi,

has anyone seen the error message below?

ERROR AdminManager - Argument "actual_only" is not supported by this handler.

Any ideas what may cause this?

Cheers,
Andy

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

florho
Explorer
‎02-07-2018 12:37 AM

@kochera we solved this issue by enabling the permissions
list_accelerate_search
for the users generating some errors.

As from what we could see, splunk was trying to see if the search had summaries, but user running the search did not have permission to check this.

Thanks to Maarten @mhoogcarspel_splunk from support for pointing in the right direction.

View solution in original post

Reply
Solved! Jump to solution
Solution

florho
Explorer
‎02-07-2018 12:37 AM

@kochera we solved this issue by enabling the permissions
list_accelerate_search
for the users generating some errors.

As from what we could see, splunk was trying to see if the search had summaries, but user running the search did not have permission to check this.

Thanks to Maarten @mhoogcarspel_splunk from support for pointing in the right direction.

Reply
Solved! Jump to solution

pj
Contributor
‎02-09-2018 12:01 PM

This worked - thx

0 Karma
Reply
Solved! Jump to solution

mhoogcarspel_sp
Splunk Employee
Splunk Employee
‎02-07-2018 12:41 AM

Specifically, we found this in the audit log, you can check with this, in the timeframe of the error:

index=_audit action=accelerate_search
| stats values(info) values(action) BY user

0 Karma
Reply
Solved! Jump to solution

mayurr98
Super Champion
‎11-10-2017 01:50 AM

Sometimes I see errors like this if Splunk was started/stopped by root, when it normally runs as a different user. Some of the files become owned by root and then odd things don't work. In Linux, there is a simple fix. Assuming that

Splunk is installed in /opt/splunk

Splunk should run as user splunkit

you are signed in as a user with sudo privileges

cd /opt sudo chown -R splunkit splunk

Of course, the problem could be something entirely different...

Reply
Solved! Jump to solution

kochera
Communicator
‎11-10-2017 02:22 AM

I checked on that already. the permissions are ok.
we get the error on all SH-cluster members although not equally spreaded.

0 Karma
Reply
Solved! Jump to solution

mayurr98
Super Champion
‎11-10-2017 01:19 AM

what is the impact of this error on your system?

0 Karma
Reply
Solved! Jump to solution

kochera
Communicator
‎11-10-2017 01:25 AM

we don't know. it just generates a lot of error messages in the splunkd.log

0 Karma
Reply
Solved! Jump to solution

florho
Explorer
‎12-12-2017 12:26 AM

We have the same issue since the upgrade to 6.6.4
Same error message.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...