Solved: Using the Java SDK, how do I change job TTL after ...

mgibian · ‎10-15-2014

I have written a tiny Java app to run a query and retrieve the results of that query, saving them to a file. Our Splunk system is totally overloaded, so it takes quite a while for this to happen. In fact, so long that the default TTL for the job expires at some random point during result retrieval. Right now, the only way I found to manipulate the TTL is to set it to a different value at job creation. Thus, I now set it to some arbitrarily large value (>6 hours). This means that I have to manually delete the job once my app is done running (since I don't want to wait >5 hours to clear the space in use).

I'd like to handle all of this more gracefully, but to do so need to know how to do the following ... I can not find documentation explaining how to do these, thus this question:

Extend TTL on an existing job
- Delete a job when it is done (I could try setting TTL to zero if I knew how to change TTL on an existing job).

mgibian · ‎10-22-2014

The solution is actually rather simple ... use an export search, which avoids all of the headaches of ttl and size of result set.

View solution in original post

mgibian · ‎10-22-2014

The solution is actually rather simple ... use an export search, which avoids all of the headaches of ttl and size of result set.

Using the Java SDK, how do I change job TTL after creation?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!