How do I set a query to run overnight without it e...

thisissplunk · ‎01-18-2018

I need to run a search that will take around 6-8 hours. Just a lot of URLs with wildcards to look for in a terabyte of access logs with two indexers.

It seems as though if I go AFK for over 30 minutes then the search freezes or the job expires when it was still searching. How do I prevent this so that I can let it run overnight?

Edit: For now I shared the job from the Job Manager and I think it extended its life for 7 days. Hopefully this does it...

harsmarvania57 · ‎01-18-2018

Is this ad-hoc search or scheduled search? If it is scheduled search then what is the running frequency ? Worth to look at https://docs.splunk.com/Documentation/Splunk/7.0.1/Search/Extendjoblifetimes

mayurr98 · ‎01-18-2018

Hey you can send the job to background
Have a look at this doc!
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Search/Aboutjobsandjobmanagement#Job_menu

Once you do this you will get a link which you can access for 7 days

Let me know if this helps !

thisissplunk · ‎01-18-2018

Hmm I don't see that option anywhere. I shared the search instead and I think that did it.

mayurr98 · ‎01-19-2018

After entering your query on the right side of the search bar below time picker you will see Job v click on that and you will see Send Job to Background option.

How do I set a query to run overnight without it expiring before it completes?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!