Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Loadjob returns oldest job in job history

stanwin
Contributor
‎12-28-2016 06:59 AM

All

wonder if anyone else has had this issue with loadjob. (Splunk 6.4.4 build b53a5c14bb5e)

SPLUNK loads the oldest sid i.e. the oldest job in the job history at times

Already have a related case opened & will update the finding here.

You will note from below that the job selected from below is not the latest..

| rest "/services/saved/searches/massive_searching/history" | table title published

title published
scheduler_adminJLPOperationsRMD501616f0095d16b4d_at_1482933600_8038_610C6DEE-BD24-46B3-B2D2-F473062C2A5C 2016-12-28T14:00:05+00:00
scheduleradminJLPOperationsRMD501616f0095d16b4d_at_1482934860_8331_610C6DEE-BD24-46B3-B2D2-F473062C2A5C 2016-12-28T14:21:04+00:00
scheduleradminJLPOperationsRMD501616f0095d16b4d_at_1482935040_17514_38D39F64-2AEA-4ACE-AAEE-977BE62EB003 2016-12-28T14:24:01+00:00
scheduleradminJLPOperationsRMD501616f0095d16b4d_at_1482935220_17571_38D39F64-2AEA-4ACE-AAEE-977BE62EB003 2016-12-28T14:27:06+00:00
scheduleradminJLPOperationsRMD501616f0095d16b4d_at_1482935400_46238_C47C0830-55E7-4973-8146-4AE3832AA41E 2016-12-28T14:30:02+00:00
scheduleradminJLPOperations_RMD501616f0095d16b4d_at_1482935580_8474_610C6DEE-BD24-46B3-B2D2-F473062C2A5C 2016-12-28T14:33:01+00:00

search.log

Splunk usually waits long time displaying waiting for data before loading results with oldest SID id & NOT latest..

12-28-2016 14:34:30.235 INFO UserManager - Done setting user context: NULL -> amdin
12-28-2016 14:34:30.235 INFO UserManager - Setting user context: amdin
12-28-2016 14:34:30.235 INFO UserManager - Done setting user context: NULL -> amdin
12-28-2016 14:34:30.269 INFO SearchOperator:loadjob - found latest sid=scheduler_adminJLPOperations_RMD501616f0095d16b4d_at_1482933600_8038_610C6DEE-BD24-46B3-B2D2-F473062C2A5C from https://127.0.0.1:8089/servicesNS/amdin/amdinapp//saved/searches/massive_searching/history?output_mo..., for savedsearch=amdin:amdinapp:massive_searching
12-28-2016 14:34:30.294 INFO UserManager - Unwound user context: amdin -> NULL
12-28-2016 14:34:30.295 INFO UserManager - Setting user context: amdin

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

burwell
SplunkTrust
SplunkTrust
‎12-28-2016 01:48 PM

Hello. I ran into this with Splunk 6.4.

The 6.5.1 release notes show that it was fixed in 6.5.1

https://docs.splunk.com/Documentation/Splunk/6.5.1/ReleaseNotes/6.5.1

loadjob on Search Head Cluster (SHC) brings oldest run rather than latest

View solution in original post

Reply
Solved! Jump to solution
Solution

burwell
SplunkTrust
SplunkTrust
‎12-28-2016 01:48 PM

Hello. I ran into this with Splunk 6.4.

The 6.5.1 release notes show that it was fixed in 6.5.1

https://docs.splunk.com/Documentation/Splunk/6.5.1/ReleaseNotes/6.5.1

loadjob on Search Head Cluster (SHC) brings oldest run rather than latest

Reply
Solved! Jump to solution

ashwini_hosbet
Loves-to-Learn
‎02-02-2017 02:13 PM

Is there a work around for older versions (6.4)?

0 Karma
Reply
Solved! Jump to solution

stanwin
Contributor
‎02-16-2017 06:46 AM

Hello Ashwini

you could use REST to fetch the most recent saved search job history ( tail ) & use the title (the job identifier) as a input to loadjob

However this will cause messy error message at the time the job is running which may dissuade usage of it entirely!

0 Karma
Reply
Solved! Jump to solution

stanwin
Contributor
‎12-29-2016 06:49 AM

Thanks Burwell!

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...