Report failed schedule report

rsathish47 · ‎12-14-2014

HI All,

how do we report failed scheduled report/search in splunk.. Please let me know your thoughts .

Thanks
Sathish R

jonaclough · ‎10-19-2023

Scheduled report:

index=_internal source="*scheduler.log" log_level=ERROR 
| eval user=mvindex(split(savedsearch_id, ";"), 0)
| eval app=mvindex(split(savedsearch_id, ";"), 1)
| eval search=mvindex(split(savedsearch_id, ";"), 2)
| stats count by user, app , search, message

Failed search:

index=_audit action=search has_error_warn=true fully_completed_search=false

MuS · ‎12-15-2014

Hi rsathish47,

check your Splunk logs like this:

index=_internal source="*scheduler.log"

this will bring up all information about the scheduled searches. You can find more information on other Splunk internal messages if you leave the source from the search.
You can find some pdf related messages in python.log for example and you can increase logging channels to get more detailed messages back http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging

hope that helps ...

cheers, MuS

MuS · ‎12-14-2014

please provide more details, like do you want to search for searches that literally failed (the search itself?) or do you want to run a search that searches for events that contain the value failed ?

rsathish47 · ‎12-14-2014

Errors Like this
An error occurred while generating a PDF of this report
Some times we are not reciveing mail from scheduled search/report

Report failed schedule report

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!