Solved: Re: Search is "scheduled", but shows no schedule i...

sowings · ‎09-20-2013

I've recently installed the Fire Brigade app on a new single-instance Splunk, running version 5. The saved searches didn't fire overnight, and I'm wondering why. I went into the Manager > Searches and Reports, and saw that the "scheduled time" field for the searches were all blank. Thinking that this must have been an installation snafu, I clicked on the search to enable a schedule. What I found was that it was already showing as scheduled, with the correct time. Despite this, it hadn't run.

Any hints?

sowings · ‎09-20-2013

The issue was observed in 5.0. Since upgrading the system to 5.0.4, the app's searches show as scheduled, and everything seems OK.

View solution in original post

sowings · ‎09-20-2013

The issue was observed in 5.0. Since upgrading the system to 5.0.4, the app's searches show as scheduled, and everything seems OK.

hexx · ‎09-20-2013

You could at least upvote my comments 🙂

sowings · ‎09-20-2013

Upgrading to 5.0.4 has ... vanished the problem.

hexx · ‎09-20-2013

If this is occurring in the latest version (5.0.4), please file a support case and/or a bug.

sowings · ‎09-20-2013

Schedule is correct, search is not disabled.

It looks like the REST API is disagreeing with the manager.

hexx · ‎09-20-2013

I would look at the scheduling-specific properties of the saved search object in the REST API.

Search is "scheduled", but shows no schedule in manager and didn't run

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases