All Apps and Add-ons

REST Modular Input - Cron Schedule not working. Known Issues?

Dohrendorf_Cons
Path Finder

Are there any known issues or gotchas with this? I tried to use this and could not get it to work. Cron Schedule was 0 4 * * * so I expected it to run at 4 in the morning, which it did not.

So I also checked with * * * * * and the more complex */3 * * * * to be safe, none of them created any events. When I run the input on a simple interval it does work though.

I set the rest.py script to logging.DEBUG, but do not get any usefol logmessages. Only information about the configuration is being logged. Also tried setting the ExecProcessor to Debug did not help either.

Any tips on what I might try to get this working?

Goesta
Explorer

Sorry for necroing this, but did you ever find a solution for this issue? Facing the same problem here

0 Karma

shariinPH
Contributor

Having same issues with this one. any inputs for this?

0 Karma

Goesta
Explorer

We ended up using the Web Tool Add-On, see this thread for the soultion:
https://answers.splunk.com/answers/762851/web-tools-add-on-how-to-reschedule-saved-searches.html

0 Karma

shariinPH
Contributor

Thank you @Goesta
I havve read the thread but it's far from the requirement I need. But I appreciate your efforts for this.

0 Karma

Damien_Dallimor
Ultra Champion

Can you post your inputs.conf rest stanza ?

Also , any error messages ? Search : index=_internal error ExecProcessor rest.py

0 Karma

Dohrendorf_Cons
Path Finder
[rest://GA]
auth_type = oauth2
endpoint = https://www.googleapis.com/analytics/v3/data/ga?ids=ga%#########&start-  date=30daysAgo&end-date=yesterday&metrics=ga%3Asessions&dimensions=ga%3Abrowser
host = GoogleAnalytics_BrowserStats
http_method = GET
index = main
index_error_response_codes = 1
oauth2_access_token = XXXXXX
oauth2_client_id = XXXXXX
oauth2_client_secret = XXXXXX
oauth2_refresh_token = XXXXXXX
polling_interval = * * * * *
response_type = json
sourcetype = json_no_timestamp
sequential_mode = 1
streaming_request = 0
oauth2_refresh_url = https://accounts.google.com/o/oauth2/token
sequential_stagger_time = 30

As mentioned this works when using an interval like 60 seconds but stops doing anything when set to cron. I experimented with different settings for Cron, sequential requests set to true or false and different Stagger Time values. All to no avail.

0 Karma

shariinPH
Contributor

Having same issues with this one. any inputs for this?

0 Karma

tin_fish
Explorer

Do you have other scheduled searches, not calling the same modular code, that are behaving as expected?

Also are you operating in a clustered environment?

0 Karma

Dohrendorf_Cons
Path Finder

Yes I do, there are some reports and alerts running on cron, behaving exactly as expected.

No, currently running single instance.

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...