Splunk Search

Question regarding Search Jobs

misteryuku
Communicator

What is meant by creating new search job that runs "search error" ?

Tags (1)
0 Karma

Masa
Splunk Employee
Splunk Employee

What is "search error" ?

0 Karma

misteryuku
Communicator

I'm very new to Splunk and i just want to know.

0 Karma

Masa
Splunk Employee
Splunk Employee

When you run a search, Splunk create a search job. From a process point of view, there is a splunkd child process and its helper process for each search. When a search job is also related to a directory which contains search logs, reults, and meta data. This directory is also called a dispatch directory. The search job's id which is called sid is the search job's dipatch directory.

You can find dispatch jobs under $SPLUNK_HOME/var/run/splunk/dispatch directory. Except for troubleshooting by Support, usueally users never need to go visit there to retrive data manually.

Masa
Splunk Employee
Splunk Employee

Could you describe a litte bit more detail? Step by step what you tried?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...