@kiran_panchavat Thanks for your response. 

My concern is that it worked fine in Splunk Enterprise 8.1.1, but after upgrading to version 9.1.1, I am encountering fatal errors and “bad allocation” issues for the same scheduled search.

Hi

Have you read what has changed when splunk is updated from 8.1 to 9.1? There is read me first document(s) which told those. Especially there could be some removed features which have worked on old but not in a new version!

Also if/when there are versions with higher patch level x.y.Z then you usually should select those instead of lower.

https://docs.splunk.com/Documentation/Splunk/9.1.1/Installation/AboutupgradingREADTHISFIRST

For example you found this from it “Splunk supports a direct upgrade to Splunk Enterprise 9.1 from versions 8.2.x and higher only”!

If you have updated directly from 8.1.1 to 9.1.1 this is not supported and now you have missed some important migration steps which modified needed component between versions. Currently splunk support upgrades over only one minor version like 8.1 to 9.0 or 8.2 to 9.1.

Also you should always train/test with test environment first and after you see that everything is ok then do those same steps with production.

Your best and only supported solution is use your backup and do your upgrade again with supported path. Also you must start splunk in each versions which you are using on path from source to destination version! It didn’t do those migration steps with this.

If you haven’t a backup then probably best option is create support ticket and ask if they have any instructions how you could try to fix the situation.

r. Ismo