Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is fill_summary_index failing to get list of scheduled times?

jsilverbears
Path Finder
‎11-08-2016 12:18 PM

I created a report to send data into the summary index under a certain title. It's working. The problem is that I can't get the backfill to work.

I run this command in the bin folder:

./splunk cmd python fill_summary_index.py -app search -name "new - summary" -et @mon -lt now -j 8 -dedup true -showprogress true -auth admin:password

But I keep getting the following error message:

*** For saved search 'new - summary' ***
Failed to get list of scheduled times for saved search 'new - summary' (app = 'search', error = '[HTTP 404] https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches/new%20-%20summary?earliest_time=%40mo...; [{'type': 'ERROR', 'code': None, 'text': "\n In handler 'savedsearch': Could not find object id=new - summary"}]'

I created that saved search in the Splunk Searches, Reports, and Alerts interface. I have done back fills before but not since upgrading to 6.4. Is there something I am missing?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

View solution in original post

Reply
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

Reply
Solved! Jump to solution

aferone
Builder
‎06-01-2017 11:26 AM

This exact scenario happened to me, and I also had to add the "-owner" switch to the command. I never needed it before. Thanks for finding this!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...