Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

searchs that does not succeed

warmup031
Explorer
‎04-20-2020 01:20 AM

Hello,
I would like to know how to find searchs that do not succeed (no results or with errors) ?
Some users complains about the fact that searchs does not give any results, and I would like to find if there is a search to find these errors (are there any errorcode to find, or else ?)
Thank you

0 Karma
Reply

warmup031
Explorer
‎04-20-2020 07:57 AM

Hello Codebuilder,

The error would come from manual searches not from scheduler. In Dmc you talk about scheduled searches skipped ? or something else. I'm searching for manual searches in error.

Thank you

0 Karma
Reply

codebuilder
Influencer
‎04-20-2020 07:02 AM

If you have a DMC there are dashboards to show you this type of information, but from a SH you can use something like this:

index=_internal sourcetype=scheduler (status="skipped" OR status="deferred")
----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Simplifying the Analyst Experience with Finding-based Detections

    Splunk invites you to an engaging Tech Talk focused on streamlining security operations with ...

[Puzzles] Solve, Learn, Repeat: Word Search

This challenge was first posted on Slack #puzzles channelThis puzzle is based on a letter grid containing ...

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Advent of CodeIn order to participate in these challenges, you will need to register with the Advent of Code ...