- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Why am I getting search error "In handler 'savedse...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why am I getting search error "In handler 'savedsearch': Cannot get username when all users are selected."?
Is anyone else getting this error when performing a search? If so, can anyone help with a solution. Thank you
In handler 'savedsearch': Cannot get username when all users are selected.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have also faced this issue while back. After long struggle, figured out the issue is with F5 VIP settings.
please check "session_cookie_insert' as the default persistence profile". Once we updated this setting above mentioned issue is gone.
I hope this helps you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm still seeing this as of Splunk 6.5.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That thread mentions that the problem is resolved in 6.3.2, which we are running, but we're still seeing that error come up. There were other users in the thread that said the same. Is there a confirmation that it is now fixed in 6.3.3 or 6.3.4?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are seeing it also. Have you had any traction on this error? Are you using LDAP for authentication or a custom script of some sort?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry for the delay, my engineer was able to troubleshoot it and provided the following. Please take a look and compare..
Camilla Clone - Jeff
<input type="dropdown" token="card" searchWhenChanged="true">
<label>Select a User:</label>
<search>
<query>sourcetype="Camilla - All Events" Title="LOCAL ACCESS REPORT"| stats values(CardholderName) as card | mvexpand card</query>
</search>
<fieldForLabel>card</fieldForLabel>
<fieldForValue>card</fieldForValue>
<choice value="*">All</choice>
<default>*</default>
<valueprefix>"CardholderName=</valueprefix>
<valuesuffix>"</valuesuffix>
</input>
<panel>
<title>$card$</title>
<table>
<search>
<query>sourcetype="Camilla - All Events" $card$ Title="LOCAL ACCESS REPORT"| table Title, Event, Date_Event, Access, Access_Point, Security_Area, CardholderName, Access_Point_Description</query>
<earliest></earliest>
<latest></latest>
</search>
</table>
</panel>
`
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@mgonter_splunk - any updates on this? i am using LDAP auth in a Search Head cluster.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
actually to clarify, i was also seeing messages as found here in this question. this answer helped me (was actually a loadbalancing issue).
https://answers.splunk.com/answers/205904/search-head-cluster-error-usermanagerpro-failed-to.html
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
