Solved: How to change the frequency of search jobs schedul...

Javo222 · ‎08-08-2016

I've messed my Splunk system up a bit and some jobs or searches (I don't remember) are continuously running (every minute I think). This causes my CPU to rise to 100% a few seconds after splunkd starts. Unfortunately, I don't have time to stop them or edit them from Splunk Web.

Are the jobs stored in any config file? I would like to edit them so I can change the frequency to 24h or so.

Right now I'm stuck and can't do anything.

sjohnson_splunk · ‎08-08-2016

Look for a file: savedsearches.conf inside of an app/local directory: (like etc/apps/search/local)

View solution in original post

sjohnson_splunk · ‎08-08-2016

Look for a file: savedsearches.conf inside of an app/local directory: (like etc/apps/search/local)

Javo222 · ‎08-09-2016

Thanks! Found it under C:\Program Files\Splunk\etc\users\admin\search\local

skoelpin · ‎08-08-2016

You can access all your saved searches in the Splunk web interface (The GUI).. Go to the top left where it says Activity then select Jobs and this will show all the searches that are running

How to change the frequency of search jobs scheduled to run from configuration files to prevent 100% CPU usage?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms