Re: Saved Search Scheduling

Siddharthnegi · ‎10-16-2024

I have a saved search which is scheduled but it is not showing and not running at the scheduled time.

PickleRick · ‎10-17-2024

It's usually nice to actually ask a question after reporting the current state.

Typically if the search is properly defined and scheduled but is not being run, the issue is with resources. Are you sure your SH(C) is not overloaded and you have no delayed/skipped searches? Did you check scheduler's logs?

gcusello · ‎10-16-2024

Hi @Siddharthnegi ,

is this savedsearch an alert or a report?

is this savedsearch shared at least at app level or private?

are you sure that the savedsearch has results?

please, make a test modifying the savedsearch assuting that there will be at least one result and see what happens.

Ciao.

Giuseppe

Siddharthnegi · ‎10-16-2024

Its a report , it is shared at global level, when i ran this search it is giving results.

gcusello · ‎10-16-2024

Hi @Siddharthnegi ,

in the test, be sure that the time period is the same at the scheduled time.

Then, do you know in what app it's located?

so you can search it, if you don't know the app, you could search it on SSH in savedsearches.conf files.

Ciao.

Giuseppe

Saved Search Scheduling

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation