Report failed schedule report

rsathish47 · ‎12-14-2014

HI All,

how do we report failed scheduled report/search in splunk.. Please let me know your thoughts .

Thanks
Sathish R

MuS · ‎12-15-2014

Hi rsathish47,

check your Splunk logs like this:

index=_internal source="*scheduler.log"

this will bring up all information about the scheduled searches. You can find more information on other Splunk internal messages if you leave the source from the search.
You can find some pdf related messages in python.log for example and you can increase logging channels to get more detailed messages back http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging

hope that helps ...

cheers, MuS

MuS · ‎12-14-2014

please provide more details, like do you want to search for searches that literally failed (the search itself?) or do you want to run a search that searches for events that contain the value failed ?

rsathish47 · ‎12-14-2014

Errors Like this
An error occurred while generating a PDF of this report
Some times we are not reciveing mail from scheduled search/report

Report failed schedule report

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >