All Apps and Add-ons

Why doesn't my quartz scheduler cron settings used on Splunk Add-on for MS SCOM work?

hettervik
Builder

Hi folks,

I've installed a HF on a SCOM server to collect SCOM logs to Splunk. On the HF I've installed the Splunk Add-on for Microsoft System Center Operations Manager to collect logs using scheduled PowerShell scripts. The logs are indeed collected, but not on the interval I expected. One of my collection stanzas with the name "Events" uses the default quartz cron settings, which is 0 0 * ? * *. This should mean the the logs are collected every hour, but they are not, they are collected every midnight instead.

The add-on GUI on the HF for the collection stanza says 0 0 * ? * *, as well as the setting schedule in stanza [powershell://_Splunk_TA_micosoft_scominternal_used_Events] in inputs.conf, as well as the setting interval in stanza [Events] in microsoft_scom_task.conf. Yet the logs are only collected every midnight.

Anyone got an idea on why this is, or how I could go forward in troubleshooting this?

UPDATE: The version om SCOM we're running is 2012 r2 update 14.

1 Solution

hettervik
Builder

The problem solved itself when we upgraded the HF running the SCOM TA from Splunk Enterprise version 7.0.2 to version 7.1.2. Apparantly there was a bug (?) with the SCOM TA cron quartz scheduler on the old version.

View solution in original post

0 Karma

hettervik
Builder

The problem solved itself when we upgraded the HF running the SCOM TA from Splunk Enterprise version 7.0.2 to version 7.1.2. Apparantly there was a bug (?) with the SCOM TA cron quartz scheduler on the old version.

0 Karma

agupta2607
New Member

How did you resolve the issue?

0 Karma
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...