Solved: Using the Java SDK, how do I change job TTL after ...

mgibian · ‎10-15-2014

I have written a tiny Java app to run a query and retrieve the results of that query, saving them to a file. Our Splunk system is totally overloaded, so it takes quite a while for this to happen. In fact, so long that the default TTL for the job expires at some random point during result retrieval. Right now, the only way I found to manipulate the TTL is to set it to a different value at job creation. Thus, I now set it to some arbitrarily large value (>6 hours). This means that I have to manually delete the job once my app is done running (since I don't want to wait >5 hours to clear the space in use).

I'd like to handle all of this more gracefully, but to do so need to know how to do the following ... I can not find documentation explaining how to do these, thus this question:

Extend TTL on an existing job
- Delete a job when it is done (I could try setting TTL to zero if I knew how to change TTL on an existing job).

mgibian · ‎10-22-2014

The solution is actually rather simple ... use an export search, which avoids all of the headaches of ttl and size of result set.

View solution in original post

mgibian · ‎10-22-2014

The solution is actually rather simple ... use an export search, which avoids all of the headaches of ttl and size of result set.

Using the Java SDK, how do I change job TTL after creation?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation