Searches and reports Cache

pero1234 · ‎08-04-2011

How to clean Searches and reports cache?

I just rename stanza from [Report TEST] to [Report All Users] in my savedsearches.conf but that report on email is still under name 'Report TEST'!!!

After research all my savedsearches.conf files I saw that I have another [Report TEST] and my new one [Report All Users] with the same parameters and search!

/opt/splunk/etc/apps/search/local/savedsearches.conf

[Report TEST]
alert.suppress = 0
alert.track = 1
counttype = number of events
cron_schedule = */10 * * * *
dispatch.earliest_time = -10m@m
dispatch.latest_time = now
enableSched = 1
quantity = 0
relation = greater than
search = index=myindex sourcetype=mysourcetype test1

/opt/splunk/etc/apps/search/local/savedsearches.conf

[Report All Users]
alert.suppress = 0
alert.track = 1
counttype = number of events
cron_schedule = */10 * * * *
dispatch.earliest_time = -10m@m
dispatch.latest_time = now
enableSched = 1
quantity = 0
relation = greater than
search = index=myindex sourcetype=mysourcetype test1

'Report TEST' works but 'Report All Users' don't!!!! Why?????

hjwang · ‎08-05-2011

Restart your splunk to reload new configure file

pero1234 · ‎08-05-2011

Restart did not help!

Searches and reports Cache

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

Searches and reports Cache

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...