"Cannot find credential information" errors in Splunk integrations

Question

Why does this error message appear while configuring a connection from the xMatters app in Splunk to the xMatters instance?

ERROR: Delete user failed, cannot find the credential information with id : credential::xmatters_password:


Environment

  • All versions of xMatters using a Splunk integration

Answer

Despite the contents of the message, this error is not actually caused by an incorrect username/password or missing credentials. It occurs due to a failed operation after the credential data is delivered to Splunk.

Resolving the Problem

To resolve this problem, follow the instructions below to create a password credential record on the Splunk instance. You may need to create a Splunk support ticket to request that port 8089 be opened on your Splunk instance before you run the commands.

To create the credential record in Splunk, you will need to be an administrator on the Splunk system and use a tool such as curl or Postman to send the following REST requests. Replace parameters such as “<username>” with the appropriate values for your instance.

NOTE: In the DELETE commands shown below, colons (:) are required before and after “xmatters_password” or “xmatters_itsi_password”, according to the Splunk REST API documentation.

Splunk Cloud

curl -k -u <username>:<password> --request DELETE https://<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_alert_action/storage/passwords/:xmatters_password:
curl -u '<username>:<password>' --request POST 'https://<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_alert_action/storage/passwords/' -d name=xmatters_password --data-urlencode 'password=<new password>'

Splunk ITSI

curl -k -u <username>:<password> --request DELETE https://itsi-<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_itsi/storage/passwords/:xmatters_itsi_password:
curl -u '<username>:<password>' --request POST 'https://itsi-<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_itsi/storage/passwords/' -d name=xmatters_itsi_password --data-urlencode 'password=<new password>'

Splunk on-premise

Use the same commands as for Splunk Cloud, but use “localhost:8089” as the host and port in the URLs.

After you have deleted and then recreated the password record, you should no longer encounter the error message.
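
The delete-then-recreate sequence above can also be scripted so that neither password appears on the command line and a DELETE that finds no record does not stop the recreate step. This is an added example, not code from xMatters or Splunk; the function names, the script name and the status-code handling (any 2xx is success, 404 on DELETE is tolerated) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: delete, then recreate, a Splunk storage/passwords record.
# Usage: ./recreate_cred.sh <host> <app> <credential-name> <splunk-admin-user>
# TLS verification stays on; set CURL_CA_BUNDLE if port 8089 uses a private CA.

# Collection URL for an app's stored passwords.
passwords_url() {   # $1=host  $2=app
  printf 'https://%s:8089/servicesNS/nobody/%s/storage/passwords' "$1" "$2"
}

# URL of one record: the name wrapped in colons, as the article's NOTE requires.
credential_url() {  # $1=host  $2=app  $3=name
  printf '%s/:%s:' "$(passwords_url "$1" "$2")" "$3"
}

# Escape backslashes and double quotes for a quoted value in a curl config file.
cfg_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Assumption: any 2xx means the record was removed; 404 means it was already
# absent, which is acceptable because the record is recreated next.
delete_ok() {       # $1=HTTP status
  case "$1" in 2??|404) return 0 ;; *) return 1 ;; esac
}

recreate_credential() {  # $1=host $2=app $3=name $4=admin user
  local admin_pw new_pw auth status
  # Prompt without echo so neither secret lands in shell history or in argv.
  read -r -s -p "Splunk password for $4: " admin_pw; echo
  read -r -s -p "New value for $3: " new_pw; echo
  auth=$(cfg_escape "$4:$admin_pw")

  # Secrets reach curl through a config read from stdin (-K -).
  status=$(printf 'user = "%s"\n' "$auth" |
    curl -sS -K - -o /dev/null -w '%{http_code}' -X DELETE \
      "$(credential_url "$1" "$2" "$3")") || return 1
  delete_ok "$status" || { echo "DELETE failed: HTTP $status" >&2; return 1; }

  status=$(printf 'user = "%s"\ndata-urlencode = "password=%s"\n' \
      "$auth" "$(cfg_escape "$new_pw")" |
    curl -sS -K - -o /dev/null -w '%{http_code}' \
      --data-urlencode "name=$3" "$(passwords_url "$1" "$2")") || return 1
  case "$status" in 2??) echo "Recreated $3 in app $2" ;;
    *) echo "POST failed: HTTP $status" >&2; return 1 ;; esac
}

# Run only when all four arguments are supplied.
if [ "$#" -eq 4 ]; then recreate_credential "$@"; fi
```

For Splunk Cloud pass <customer-instance>.splunkcloud.com as the host with xmatters_alert_action and xmatters_password; for ITSI pass the itsi- host with xmatters_itsi and xmatters_itsi_password.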
