Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is fill_summary_index failing to get list of scheduled times?

jsilverbears
Path Finder
‎11-08-2016 12:18 PM

I created a report to send data into the summary index under a certain title. It's working. The problem is that I can't get the backfill to work.

I run this command in the bin folder:

./splunk cmd python fill_summary_index.py -app search -name "new - summary" -et @mon -lt now -j 8 -dedup true -showprogress true -auth admin:password

But I keep getting the following error message:

*** For saved search 'new - summary' ***
Failed to get list of scheduled times for saved search 'new - summary' (app = 'search', error = '[HTTP 404] https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches/new%20-%20summary?earliest_time=%40mo...; [{'type': 'ERROR', 'code': None, 'text': "\n In handler 'savedsearch': Could not find object id=new - summary"}]'

I created that saved search in the Splunk Searches, Reports, and Alerts interface. I have done back fills before but not since upgrading to 6.4. Is there something I am missing?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

View solution in original post

Reply
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

Reply
Solved! Jump to solution

aferone
Builder
‎06-01-2017 11:26 AM

This exact scenario happened to me, and I also had to add the "-owner" switch to the command. I never needed it before. Thanks for finding this!

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...