Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

retrying a scripted input after a failure

Justin_Grant
Contributor
‎02-22-2010 08:47 PM

[I heard this question on an internal mailing list, but it seemed generally relevant so asking it here too]

I have a scripted input that talks to an SDEE interface on the Cisco IPS. This interface can be flakey at times and I am running into an issue where if a connection fails Splunk will no longer retry the script. I assumed with the scheduler set -1 it would just try to reconnect after the script exits. I am catching the exception and exiting gracefully but that doesn't seem to work or I am just doing it wrong. Can anyone give me a pointer as to what I need my script to do in order to get Splunk to retry it if the first connection fails.?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-22-2010 10:30 PM

If you set the interval to -1, it runs the script just once, when Splunk starts up. If you set it to 1, it runs the script again 1 second after the previous invocation exits. It's generally true for all scripted inputs that the next instance runs interval seconds after the exit of the previous invocation.

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-22-2010 10:30 PM

If you set the interval to -1, it runs the script just once, when Splunk starts up. If you set it to 1, it runs the script again 1 second after the previous invocation exits. It's generally true for all scripted inputs that the next instance runs interval seconds after the exit of the previous invocation.

Reply
Solved! Jump to solution

Will_Hayes
Splunk Employee
Splunk Employee
‎02-22-2010 09:10 PM

The interval need to be set to 1 not -1 for auto-retry on exit.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...