I'm running the command below:
sudo -u splunk /opt/splunk/bin/splunk cmd python /opt/splunk/bin/fillsummaryindex.py -app search -name eligible -et -y -lt now -j 2 -owner admin -auth admin:password
I get the following back:
*** For saved search 'eligible' ***
No handlers could be found for logger "splunk.rest.format"
No scheduled times for your time range.
No searches to run
I'm not sure what the response back means exactly.
'eligible' is a scheduled search and I'm trying to run that same search but using it to backfill the summary index.
scheduling is enabled for the search. should I disable that?
I'm using Basic and running every minute. My search range is -7mon@mon and -7mon@mon+1h.
But there is data before that I need to backfill.
Are you running the search on a search head, but the summary index resides on indexers? You might need the
But I really suspect that you need to include the
-owner option, or perhaps change the permissions on the scheduled search
More info on the options: Manage summary index gaps and overlaps