Splunk Search

Failed to get list of scheduled times for saved search

MidnightRun
Explorer

I'm trying to backfill my summary index with 2 months worth of data with a report that gives results from the last minute. This is my report:

 

    

action.email.useNSSubject = 1
action.summary_index = 1
action.summary_index._type = event
alert.track = 0
cron_schedule = */1 * * * *
dispatch.earliest_time = -1m
dispatch.latest_time = now
display.events.fields = ["host","source","sourcetype","Price","ID","Date","Time"]
display.general.type = statistics
display.page.search.tab = statistics
display.visualizations.show = 0
enableSched = 1
realtime_schedule = 0
request.ui_dispatch_app = myapp
request.ui_dispatch_view = search
schedule_priority = higher
search = index="myindex" sourcetype="mysource"
| append [ search index="myindex" sourcetype="mysource" earliest=-1mon@mon latest=@mon
| stats avg(Price) as past_avg by ID ]
| eventstats values(past_avg) as past_avg by ID
| where Price > past_avg
| stats values(*) as * by ID
| table ID, Price, past_avg

I tried to fill it using this command:

splunk cmd python fill_summary_index.py -app Myapp -name "Summary_Population" -et -2mon@mon -lt @mon -dedup true

but I get this error:

*** For saved search 'Summary_Populating' ***
Failed to get list of scheduled times for saved search 'Summary_Populating' (app = 'Myapp', error = '[HTTP 404] https://127.0.0.1:8089/servicesNS/Myusername/Myapp/saved/searches/Summary_Populating/scheduled_times?earliest_time=-mon%40mon&latest_time=%40now; [{'type': 'ERROR', 'code': None, 'text': 'Action forbidden.'}]'

No searches to run

Does anyone have any idea why is this occurring and how to fix it? 

0 Karma
1 Solution

MidnightRun
Explorer

Stupid mistake, I misspelled the name of the app and didn't notice it until now. 

View solution in original post

0 Karma

MidnightRun
Explorer

Stupid mistake, I misspelled the name of the app and didn't notice it until now. 

0 Karma

manjunathmeti
SplunkTrust
SplunkTrust

Hi @MidnightRun,

Try with the -owner option for searches that are owned by a specific user or role. And also provide -auth username:password option.

splunk cmd python fill_summary_index.py -app Myapp -name "Summary_Population" -et -2mon@mon -lt @mon -dedup true -owner admin -auth admin:password

 

0 Karma

MidnightRun
Explorer

Thank you for the reply, I tried that but I still get the same result. 

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...