Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is fill_summary_index failing to get list of scheduled times?

jsilverbears
Path Finder
‎11-08-2016 12:18 PM

I created a report to send data into the summary index under a certain title. It's working. The problem is that I can't get the backfill to work.

I run this command in the bin folder:

./splunk cmd python fill_summary_index.py -app search -name "new - summary" -et @mon -lt now -j 8 -dedup true -showprogress true -auth admin:password

But I keep getting the following error message:

*** For saved search 'new - summary' ***
Failed to get list of scheduled times for saved search 'new - summary' (app = 'search', error = '[HTTP 404] https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches/new%20-%20summary?earliest_time=%40mo...; [{'type': 'ERROR', 'code': None, 'text': "\n In handler 'savedsearch': Could not find object id=new - summary"}]'

I created that saved search in the Splunk Searches, Reports, and Alerts interface. I have done back fills before but not since upgrading to 6.4. Is there something I am missing?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

View solution in original post

Reply
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

Reply
Solved! Jump to solution

aferone
Builder
‎06-01-2017 11:26 AM

This exact scenario happened to me, and I also had to add the "-owner" switch to the command. I never needed it before. Thanks for finding this!

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...