Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is fill_summary_index failing to get list of scheduled times?

jsilverbears
Path Finder
‎11-08-2016 12:18 PM

I created a report to send data into the summary index under a certain title. It's working. The problem is that I can't get the backfill to work.

I run this command in the bin folder:

./splunk cmd python fill_summary_index.py -app search -name "new - summary" -et @mon -lt now -j 8 -dedup true -showprogress true -auth admin:password

But I keep getting the following error message:

*** For saved search 'new - summary' ***
Failed to get list of scheduled times for saved search 'new - summary' (app = 'search', error = '[HTTP 404] https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches/new%20-%20summary?earliest_time=%40mo...; [{'type': 'ERROR', 'code': None, 'text': "\n In handler 'savedsearch': Could not find object id=new - summary"}]'

I created that saved search in the Splunk Searches, Reports, and Alerts interface. I have done back fills before but not since upgrading to 6.4. Is there something I am missing?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

View solution in original post

Reply
Solved! Jump to solution
Solution

jsilverbears
Path Finder
‎11-08-2016 02:00 PM

Okay, yeah. I figured it out. I needed to have the -owner admin option put into the command. I hadn't needed it before but I guess I need it now.

My original command was unchanged since the last time it worked and it didn't have that option set. All the other backfills I have done also have admin as the owner too.

Oh, well. I fixed it. Yay me.

Reply
Solved! Jump to solution

aferone
Builder
‎06-01-2017 11:26 AM

This exact scenario happened to me, and I also had to add the "-owner" switch to the command. I never needed it before. Thanks for finding this!

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...