Solved: how to find search name based on error in splunkd....

OldManEd · ‎02-19-2014

I'm getting the following errors in my splunkd.log file a lot;

02-19-2014 10:10:58.232 -0800 WARN  FileClassifierManager - The file '/opt/splunk/var/spool/splunk/RMD596d1d44d452086c5_441184131.stash_new' is invalid. Reason: binary
02-19-2014 10:10:58.232 -0800 INFO  TailingProcessor - Ignoring file '/opt/splunk/var/spool/splunk/RMD596d1d44d452086c5_441184131.stash_new' due to: binary

From what I've read, this is a known bug, SPL-59578.

The "good" workaround is to reschedule the summary indexing and run a backfill to regenerate the corrupted files. But my question is, how do I get from "RMD596d1d44d452086c5" to a search name?

somesoni2 · ‎02-19-2014

Try this search:

| rest /services/search/jobs | where LIKE(id,"%RMD596d1d44d452086c5%") | table label

View solution in original post

somesoni2 · ‎02-19-2014

Try this search:

| rest /services/search/jobs | where LIKE(id,"%RMD596d1d44d452086c5%") | table label

OldManEd · ‎02-19-2014

Somesoni2,
That did it. Thanks.

how to find search name based on error in splunkd.log?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...