Solved: Re: How can I end a long running search job using ...

bensonqiu · ‎09-28-2016

If I make a POST request to "services/search/jobs", it will return a job-id. Let's say the job is taking too long, and subsequent jobs are being queued because we cannot exceed the concurrency level. How can I use the API to kill the long-running search job?

yannK · ‎09-29-2016

1 -query the REST API to get the list of jobs running and their SID

see http://docs.splunk.com/Documentation/Splunk/6.5.0/RESTTUT/RESTsearches

2 - find the ones you want to terminate

3 - call the job termination REST API endpoint for this job SID.
http://docs.splunk.com/Documentation/Splunk/6.5.0/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7D...

example with curl to finalize job "mysearch_02151949"

 curl -k -u admin:pass https://localhost:8089/services/search/jobs/mysearch_02151949/control -d action=finalize

Remark : If you want to script , you can use the SDK to interact with the API
http://dev.splunk.com/sdks?r=searchtip

View solution in original post

yannK · ‎09-29-2016

1 -query the REST API to get the list of jobs running and their SID

see http://docs.splunk.com/Documentation/Splunk/6.5.0/RESTTUT/RESTsearches

2 - find the ones you want to terminate

3 - call the job termination REST API endpoint for this job SID.
http://docs.splunk.com/Documentation/Splunk/6.5.0/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7D...

example with curl to finalize job "mysearch_02151949"

 curl -k -u admin:pass https://localhost:8089/services/search/jobs/mysearch_02151949/control -d action=finalize

Remark : If you want to script , you can use the SDK to interact with the API
http://dev.splunk.com/sdks?r=searchtip

How can I end a long running search job using the Splunk API?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk