Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Eventtype 'windows_account_created' does not exist or is disabled.

sbgoldberg13
Explorer
‎02-07-2019 10:56 AM

I've given read permissions for macro, app, eventtype, everything I can think of, to the role and/or everyone. This search keeps failing for all users in the role. It works fine for me as an admin. It even fails with the same message if I add the user to the power role along with the defined role.

event_sources eventtype=windows_account_created

It returns results for just the event_sources macro. But including eventtype windows_account_created shows no results along with:
alt text

I've exhausted any of my ideas. Thoughts?

Tags (2)
Preview file
1 KB
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-08-2019 07:23 AM

If you go to Settings->Event types and set the permissions for windows_account_created to Global, it should fix the problem.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...