Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Missing status for scheduled jobs in scheduler.log

johannthum
Explorer
‎11-08-2018 11:52 PM

Hi all,

I have a SHC in my environment. Today I was troubleshooting an issue where my alert action wasn't firing. After some investigation into the scheduler.log, I found that for the specific search which it wasn't firing, it didn't have an "outcome" status, e.g. skipped, success. The status(es) of the particular sid has only "delegated_remote" and "delegated_remote_completion". The search I ran was:

index=_internal sourcetype=scheduler savedsearch_name="" |stats min(_time) as _time values(status) as status by sid | search status!="success" | sort - _time

Referring to the post below,

https://answers.splunk.com/answers/217666/what-does-statusdelegated-remote-or-statusdelegate.html

"delegated_remote" and "delegated_remote_completion" are generated from the captain as it tries to delegate to job to SH member.

May I know what it implies if a search doesn't have a status? Thanks in advance!

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...