Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is fill_summary_index failing to get list of scheduled times?

jsilverbears
Path Finder
‎11-08-2016 12:18 PM

I created a report to send data into the summary index under a certain title. It's working. The problem is that I can't get the backfill to work.

I run this command in the bin folder:

./splunk cmd python fill_summary_index.py -app search -name "new - summary" -et @mon -lt now -j 8 -dedup true -showprogress true -auth admin:password

But I keep getting the following error message:

*** For saved search 'new - summary' ***
Failed to get list of scheduled times for saved search 'new - summary' (app = 'search', error = '[HTTP 404] https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches/new%20-%20summary?earliest_time=%40mo...; [{'type': 'ERROR', 'code': None, 'text': "\n In handler 'savedsearch': Could not find object id=new - summary"}]'

I created that saved search in the Splunk Searches, Reports, and Alerts interface. I have done back fills before but not since upgrading to 6.4. Is there something I am missing?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

View solution in original post

Reply
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

Reply
Solved! Jump to solution

aferone
Builder
‎06-01-2017 11:26 AM

This exact scenario happened to me, and I also had to add the "-owner" switch to the command. I never needed it before. Thanks for finding this!

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...