Hi All,
One of the user is facing an performance issue while performing the searches and also the splunk web freezes the browser. User had tried accessing the splunk web from different machine and multiple browser.
We have 3 search head cluster environment with splunk 6.6.1 version.
Question:
How / from where to check the error, specific to this user account and review the performance impact for last 30 days.
How to trouble shoot this issue.
Kindly guide me on this.
I would start here (general troubleshooting steps):
https://docs.splunk.com/Documentation/Splunk/7.0.1/DistSearch/ViewdistsearchstatusinDMC
Hi Somesoni2, thanks for working on this issue, hey I could see the following error details in the splunkd.log for this particular user who is facing the issue. When checked for a period of last 30 days we could see the below error occurring on and off. Similarly when checked in metrics.log and splunkd_ui_access could not see any error.
Splunkd.log
ERROR AuthenticationManagerLDAP - Couldn't find matching groups for user="user500". Search filter="(&(uniquemember=uid=user500,ou=internal,ou=users,dc=test,dc=com)(cn=Splunk_Admin))" strategy="test LDAP"
So could you please guide me how to fix this issue.
thanks in advance.