All Apps and Add-ons

Why is the Splunk ExecProcessor Rescheduling a specific cronjob every interval?



Splunk ExecProcessor is rescheduling a specific cronjob for the Rapid7 Nexpose add-on; is being rescheduled at nearly every interval, even if I set it to run every minute. From splunkd.log:

ExecProcessor - setting reschedule_ms=3599999, for command=python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/

I have checked and all files are splunk:splunk with the following permissions: -rwxr-xr-x
Authentication with the Nexpose device is successful since we do occassionally get a job to run and fetch the logs. Any help would be greatly appreciated as Splunk support will not assist.


Hi mitchfultz -

I've looked into this extensively as I'm having the same issue - it appears the process doesn't exit at the end of its run against the sites eligible for query. The process below started at 5:00am and is still running despite reaching the end of the list of sites to process:

$ ps -ef | grep -v grep | grep nexpose
splunk 58152 29727 0 05:00 ? 00:00:18 python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/

Sadly, I've resorted to issuing a kill to take it down after several hours. The splunk daemon restarts it automatically and it begins another run without any further intervention. I've setup a cron job to run once an hour and kill this process if its older than 4 .5 hours - you may need to adjust the time based on number of sites and typical duration:

$ crontab -l
0 */1 * * * kill $(find /proc -maxdepth 1 -user splunk -type d -mmin +270 -exec basename {} \; | xargs ps | grep nexpose | awk '{ print $1 }')

Not a permanent fix, but it will keep me from restarting it manually constantly until I find out why it continues to be rescheduled into the future.

0 Karma
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...