Solved: Why doesn't my quartz scheduler cron settings used...

hettervik · ‎08-21-2018

Hi folks,

I've installed a HF on a SCOM server to collect SCOM logs to Splunk. On the HF I've installed the Splunk Add-on for Microsoft System Center Operations Manager to collect logs using scheduled PowerShell scripts. The logs are indeed collected, but not on the interval I expected. One of my collection stanzas with the name "Events" uses the default quartz cron settings, which is 0 0 * ? * *. This should mean the the logs are collected every hour, but they are not, they are collected every midnight instead.

The add-on GUI on the HF for the collection stanza says 0 0 * ? * *, as well as the setting schedule in stanza [powershell://_Splunk_TA_micosoft_scominternal_used_Events] in inputs.conf, as well as the setting interval in stanza [Events] in microsoft_scom_task.conf. Yet the logs are only collected every midnight.

Anyone got an idea on why this is, or how I could go forward in troubleshooting this?

UPDATE: The version om SCOM we're running is 2012 r2 update 14.

hettervik · ‎09-27-2018

The problem solved itself when we upgraded the HF running the SCOM TA from Splunk Enterprise version 7.0.2 to version 7.1.2. Apparantly there was a bug (?) with the SCOM TA cron quartz scheduler on the old version.

View solution in original post

hettervik · ‎09-27-2018

The problem solved itself when we upgraded the HF running the SCOM TA from Splunk Enterprise version 7.0.2 to version 7.1.2. Apparantly there was a bug (?) with the SCOM TA cron quartz scheduler on the old version.

agupta2607 · ‎02-20-2020

How did you resolve the issue?

Why doesn't my quartz scheduler cron settings used on Splunk Add-on for MS SCOM work?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases