Solved: What is Naming convention for files in dispatch fo...

richnavis · ‎05-09-2012

From time to time, I would need to blast the folders in the dispatch folder. Can anyone shed some light on the naming convention? Here are the name prefixes I have found... Some are obvious, some... not so much...

scheduler
rt
remote
"somenumber"
splunk01
"username"

n8 · ‎07-29-2013

"somenumber" are the ad-hoc searches that a user kicks off. The number is the epoch timestamp.

http://blogs.splunk.com/2012/09/12/deciphering-dispatch-directory-names/

View solution in original post

n8 · ‎07-29-2013

"somenumber" are the ad-hoc searches that a user kicks off. The number is the epoch timestamp.

http://blogs.splunk.com/2012/09/12/deciphering-dispatch-directory-names/

richnavis · ‎05-09-2012

Ok.. gonna answer some of this myself based on observation in my environment...

1. scheduler--this search has been invoked by the scheduler... duh!

2. rt--searches that are real time

3. remote-In a pooled search head environment, the search is dispatched for all pooled search heads, so, searches with the "Remote" prefix essentially indicates that the search is a spawned to a searchhead from the original search.

4. somenumber--haven't figured this one out yet.

5. Splunk01--this is a mistake.. there is no splunk prefix

6. username--this is a search spawned by a user

so.. just need to figure out what "somenumber" is.. then I'm good.. if anyone can help..that would be great.

What is Naming convention for files in dispatch folder?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!