Splunk Search

Streamed search execute failed because: User '' could not act as: XXX

GandalfsApprent
Engager

Hey,
All my users except admin are getting this error: Streamed search execute failed because: User '' could not act as: XXX

With XXX being the user in question. I've checked all the permissions and even tried changing some, but all the users in question have full rights to run searches. I can't see anything in the error history that indicates why my users can't execute searches. Really keen to get this sorted, as the product is essentially unusable right now.

Thanks!

yannK
Splunk Employee

Looks like the bug SPL-66763

Distributed searches can intermittently fail on certain search peers with an error banner indicating Streamed search execute failed because: User could not act as: . The affected peer will not return results for this search. (SPL-66763)

Fixed in Splunk 5.0.6 and 6.0.1
see http://docs.splunk.com/Documentation/Splunk/5.0.6/ReleaseNotes/5.0.6#Resolved_distributed_deployment...

0 Karma

tmarlette
Motivator

I have received this error in 6.1.3 multiple times. This was not corrected all the way. We use a clustered environment with pooled search heads.

0 Karma

somesoni2
Revered Legend

You might want to check which search peer is causing the issue. See the nearby event logs from _internal to pinpoint what exactly is causing the issue.

0 Karma

gkanapathy
Splunk Employee

How exactly did you create the new users? Did you assign default roles? Did you modify roles or create new ones?

0 Karma

twinspop
Influencer

I'm getting the same thing intermittently. Yes, I have 2 search heads searching 4 search peers. The search heads are pooled per instructions on splunk.com.

0 Karma

somesoni2
Revered Legend

Are you using a distributed environment (multiple indexers, search peers)?

0 Karma