Question
Why does this error message appear while configuring a connection from the xMatters app in Splunk to the xMatters instance?
ERROR: Delete user failed, cannot find the credential information with id : credential::xmatters_password:
Environment
- All versions of xMatters using a Splunk integration
Answer
Despite the contents of the message, this error is not actually caused by an incorrect username/password or missing credentials. It occurs due to a failed operation after the credential data is delivered to Splunk.
Resolving the Problem
To resolve this problem, follow the instructions below to create a password credential record on the Splunk instance. You may need to create a Splunk support ticket to request that port 8089 be opened on your Splunk instance before you run the commands.
To create the credential record in Splunk, you will need to be an administrator on the Splunk system and use a tool such as curl or Postman to send the following REST requests. Replace parameters such as “<username>” with the appropriate values for your instance.
NOTE: In the DELETE commands shown below, colons (:) are required before and after “xmatters_password” or “xmatters_itsi_password“, according to the Splunk REST API documentation.
Splunk Cloud
curl -k -u <username>:<password> --request DELETE https://<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_alert_action/storage/passwords/:xmatters_password:
curl -u <username>:<password> --request POST https://<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_alert_action/storage/passwords/ -d name=xmatters_password -d password=<new password>
Splunk ITSI
curl -k -u <username>:<password> --request DELETE https://itsi-<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_itsi/storage/passwords/:xmatters_itsi_password:
curl -u <username>:<password> --request POST https://itsi-<customer-instance>.splunkcloud.com:8089/servicesNS/nobody/xmatters_itsi/storage/passwords/ -d name=xmatters_itsi_password -d password=<new password>
Splunk on-premise
Use the same commands as for Splunk cloud, but use “localhost:8089” in the URLs.
After you have deleted and then recreated the password record, you should no longer encounter the error message.
Comments
0 commentsPlease sign in to leave a comment.