Why am I getting error "'savedsearch': Argument "auto_summarize" is not supported by this handler." and am unable to save an alert?
Hi @jkat54 ,
I just fixed it today by providing additional roles to the user account. Its working now. Thankyou for the help and support.
Hi @jkat54 ,
I just fixed it today by providing additional roles to the user account. Its working now. Thankyou for the help and support.
Hi @sarnagar
Can you let us know which additional roles you added.
@ppablo_splunk - can you share the roles used to resolve the error.
Hi hchinta
I'm an admin for the site, so I just converted the comment to an answer and accepted it.
@sarnagar Could you please follow up with the exact roles you added to the user account to resolve your issue? This will help other users in the forum have an option to test out for themselves. Thanks!
Can you share the search as well?
No, not yet. What version of Splunk and which options are you choosing when you save? I want to replicate the problem on my end.
We are using 6.3.7 and I was trying to save it as a report.
How are you "saving the search"? Via UI or API?
@jkat54 ,
I'm saving via UI.
Did you get to figure the root cause for this?
Try running the btool
command line utility to see if there are any configuration errors.
$SPLUNK_ROOT/bin/splunk btool check
@rjthibod
I dont get any output for that command.
sh-4.1$ ./splunk btool check
sh-4.1$
Check your savedsearches.conf file and see if you have other saved searches named the same as your alert you're trying but perhaps with different spacing. Also try just naming the alert differently.
I'm getting same error although no duplicate name exists.