Re: In the scheduler.log, what does status=continu...

sowings · ‎08-19-2013

I see a number of events in my scheduler.log that have the string "status=continued" in them. Further, these entries lack the run_time (and other fields) that would seem to indicate successful saved search completion. What do these log events represent?

wsnyder2 · ‎04-21-2015

Can we assume that status=skipped is a "not" so good thing?

somesoni2 · ‎04-28-2014

In my understanding, when a search is configured for continuous scheduling (realtime_schedule = 0) and no of concurrent searches exceeds the limit, Splunk will add an entry with status=continued as the search execution is queued up. It should log another entry with status=success or status=fail when search is executed after it's turn comes up.

jluste · ‎04-28-2014

I'd also like to know what continued means officially and if it is the case of a deferred search, how long goes by before that search gets set to status=skipped?

sowings · ‎03-20-2014

My observation is that it's when a prior instance of the search is running, but the time has come for it to run again.

If anyone has an updated answer, I'd appreciate it.

mloven_splunk · ‎11-06-2013

bumping this. I'd like to know as well.

In the scheduler.log, what does status=continued mean?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases