Python SDK and Rest endpoint /search/jobs are not ...

strive · ‎11-30-2018

Hi,

We extensively use splunklib.client and service.jobs to create jobs, retrieve jobs and iter over, and set ttl. All these things were working fine in Splunk 6.4.5 & Python SDK 1.6.2.

In Splunk 7.0.7 & Python SDK 1.6.2, the service.jobs.iter(search=query) and job.set_ttl are not working. More details below.

We post search jobs along with custom parameters. Later we retrieve the jobs matching some custom parameters.
For example: If custom.notify_method="email", custom.notify_server="my mail server" are our custom parameters

query='custom.notify_method="email" AND custom.notify_server="my mail server"'
service.jobs.iter(search=query)

returns nothing.

for job in service.jobs:
    job.set_ttl(60)

The ttl and eai:acl.ttl are set to 60. After 60 seconds, the ttl value becomes 0 but the eai:acl.ttl value remains as 60.
The job never expires and it stays for 7 days.
Why the jobs are not getting deleted after 60 seconds even though the ttl value has been updated to 0?

Both the above mentioned issues are in Splunk 7.0.7 & Python SDK 1.6.2. But they were working as intended in 6.4.5 and SDK 1.6.2

Any pointers to solve these issues.

Thanks,
Strive

strive · ‎12-09-2018

Splunk team have told that it is a bug and it will be fixed.

Python SDK and Rest endpoint /search/jobs are not working as intended in setting ttl and querying custom parameters

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms