Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Report failed schedule report

rsathish47
Contributor
‎12-14-2014 10:10 PM

HI All,

how do we report failed scheduled report/search in splunk.. Please let me know your thoughts .

Thanks
Sathish R

Tags (1)
0 Karma
Reply

jonaclough
Path Finder
‎10-19-2023 06:48 AM

Scheduled report:

index=_internal source="*scheduler.log" log_level=ERROR 
| eval user=mvindex(split(savedsearch_id, ";"), 0)
| eval app=mvindex(split(savedsearch_id, ";"), 1)
| eval search=mvindex(split(savedsearch_id, ";"), 2)
| stats count by user, app , search, message

Failed search:

index=_audit action=search has_error_warn=true fully_completed_search=false

 

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎12-15-2014 12:07 AM

Hi rsathish47,

check your Splunk logs like this:

index=_internal source="*scheduler.log"

this will bring up all information about the scheduled searches. You can find more information on other Splunk internal messages if you leave the source from the search.
You can find some pdf related messages in python.log for example and you can increase logging channels to get more detailed messages back http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging

hope that helps ...

cheers, MuS

Reply

MuS
SplunkTrust
SplunkTrust
‎12-14-2014 10:52 PM

please provide more details, like do you want to search for searches that literally failed (the search itself?) or do you want to run a search that searches for events that contain the value failed ?

0 Karma
Reply

rsathish47
Contributor
‎12-14-2014 11:33 PM

Errors Like this
An error occurred while generating a PDF of this report
Some times we are not reciveing mail from scheduled search/report

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...