Solved: Re: Search is "scheduled", but shows no schedule i...

sowings · ‎09-20-2013

I've recently installed the Fire Brigade app on a new single-instance Splunk, running version 5. The saved searches didn't fire overnight, and I'm wondering why. I went into the Manager > Searches and Reports, and saw that the "scheduled time" field for the searches were all blank. Thinking that this must have been an installation snafu, I clicked on the search to enable a schedule. What I found was that it was already showing as scheduled, with the correct time. Despite this, it hadn't run.

Any hints?

sowings · ‎09-20-2013

The issue was observed in 5.0. Since upgrading the system to 5.0.4, the app's searches show as scheduled, and everything seems OK.

View solution in original post

sowings · ‎09-20-2013

The issue was observed in 5.0. Since upgrading the system to 5.0.4, the app's searches show as scheduled, and everything seems OK.

hexx · ‎09-20-2013

You could at least upvote my comments 🙂

sowings · ‎09-20-2013

Upgrading to 5.0.4 has ... vanished the problem.

hexx · ‎09-20-2013

If this is occurring in the latest version (5.0.4), please file a support case and/or a bug.

sowings · ‎09-20-2013

Schedule is correct, search is not disabled.

It looks like the REST API is disagreeing with the manager.

hexx · ‎09-20-2013

I would look at the scheduling-specific properties of the saved search object in the REST API.

Search is "scheduled", but shows no schedule in manager and didn't run

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...