Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What history did rest /services/search/jobs brings up

nagar57
Communicator
‎01-05-2023 08:57 PM

I am running | rest /services/search/jobs command to check my failed searches for last 24 hrs. But I see that some of the searches are not getting captured. I wanted to know how long in past does rest command searches the data.

Does it bring up results only for last few hours or few days ?

Labels (2)
0 Karma
Reply

SanjayReddy
SplunkTrust
SplunkTrust
‎01-05-2023 09:28 PM

Hi @nagar57 

the /services/search/jobs gives the results jobs which are active ,  means searches which are not expried 

SanjayReddy_0-1672982772800.png

Based on type of search run there is ttl(time to live ) value for search, 

SanjayReddy_1-1672982838874.png

 

may be some searched are expired after TTL , so you are not able to view them,

alertnatly you can view from 

SanjayReddy_2-1672982931944.png

 

 

0 Karma
Reply

nagar57
Communicator
‎01-06-2023 02:27 AM

My job expiry date is 7th Jan still this job is not getting captured with rest command. 

Below is the query I am using :

| rest /services/search/jobs count=0 splunk_server=* 
| search isDone=1 isSavedSearch=1 messages.error!="*requires a .csv or KV store lookup definition*"
| rename messages.error as message eai:acl.app as App_Name label as Splunk_Search
| table Date Time App_Name Splunk_Search splunk_server message
Preview file
96 KB
0 Karma
Reply

nagar57
Communicator
‎01-06-2023 02:34 AM

Also., I see that this job failure is getting captured in _internal logs. Don't know why rest command is not able to capture it.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...