Refine your search:

What happened to logging of my scheduled searches (by name) in version 4.0?

0 
INFO  SavedSplunker - Found 2 scheduled saved searches
INFO  SavedSplunker - About to run saved search: 'admin;search;badger', next run: Thu Apr 29 12:43:00 2010, trigger_actions=1
INFO  SavedSplunker - setting ttl=120 for savedsearch_ident="admin;search;badger"
INFO  SavedSplunker - dispatched search for savedsearch_id="admin;search;badger"
INFO  SavedSplunker - Saved search 'admin;search;badger' next run time set to: "Thu Apr 29 12:44:00 2010"
INFO  SavedSplunker - changing ttl of sid=scheduler_admin_search_badger_at_1272570180_1230566965, new_ttl=86400
INFO  SavedSplunker - AlertNotifier ran notifications=1, actions=1, managedSearchCount=0

It used to be that I could see my scheduled search runs in splunkd.log like above. This was very useful for debugging. What happened to them?

asked 29 Apr '10, 19:46

the_wolverine's gravatar image

the_wolverine ♦
4.3k5843
accept rate: 50%

One Answer:
oldestnewestmost voted
0

SavedSplunker errors were converted to WARN in later versions of 4.0. You can re-enable logging at the INFO level by adding the following to your etc/log.cfg under [splunkd]:

[splunkd]
category.SavedSplunker=INFO

If you've got lots of scheduled searches this will result in a noisy splunkd.log.

In 4.1 we change the default logging to INFO and give it its own logfile: scheduler.log.

link

answered 29 Apr '10, 19:52

the_wolverine's gravatar image

the_wolverine ♦
4.3k5843
accept rate: 50%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×309
×197
×30
×15
×12

Asked: 29 Apr '10, 19:46

Seen: 206 times

Last updated: 29 Apr '10, 19:52

Related questions

Looks as if user is performing a search when logging on to Dashboard with scheduled searches

Logging practices for security logging.

How to eliminate signtool logging configuration message

Scheduled searches for summary index does not run. No skipped log in scheduler.log

How do I disable the free version's reminder that the search scheduler is disabled?

Best Practice - Logging Script Runtime Results

Exception logging by time

How can I use scheduled savedsearch results in a dashboard?

Logging, Splunkforwarder, and Diskless Servers

Copyright © 2005-2012 Splunk, Inc. All rights reserved.