Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Unknown error message from Admin Manager
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
has anyone seen the error message below?
ERROR AdminManager - Argument "actual_only" is not supported by this handler.
Any ideas what may cause this?
Cheers,
Andy
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@kochera we solved this issue by enabling the permissions
list_accelerate_search
for the users generating some errors.
As from what we could see, splunk was trying to see if the search had summaries, but user running the search did not have permission to check this.
Thanks to Maarten @mhoogcarspel_splunk from support for pointing in the right direction.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@kochera we solved this issue by enabling the permissions
list_accelerate_search
for the users generating some errors.
As from what we could see, splunk was trying to see if the search had summaries, but user running the search did not have permission to check this.
Thanks to Maarten @mhoogcarspel_splunk from support for pointing in the right direction.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This worked - thx
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Specifically, we found this in the audit log, you can check with this, in the timeframe of the error:
index=_audit action=accelerate_search
| stats values(info) values(action) BY user
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sometimes I see errors like this if Splunk was started/stopped by root, when it normally runs as a different user. Some of the files become owned by root and then odd things don't work. In Linux, there is a simple fix. Assuming that
Splunk is installed in /opt/splunk
Splunk should run as user splunkit
you are signed in as a user with sudo privileges
cd /opt sudo chown -R splunkit splunk
Of course, the problem could be something entirely different...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I checked on that already. the permissions are ok.
we get the error on all SH-cluster members although not equally spreaded.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
what is the impact of this error on your system?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
we don't know. it just generates a lot of error messages in the splunkd.log
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have the same issue since the upgrade to 6.6.4
Same error message.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Splunk Community Badges!
How to find the worst searches in your Splunk environment and how to fix them
Share Your Feedback: On Admin Config Service (ACS)!
