×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
connoe
Loves-to-Learn
Member since: 2 weeks ago
2 weeks ago
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-26-2025
View All

Re: scheduling task Zombie scheduling tasks or re...

by in Splunk Enterprise
2 weeks ago
2 weeks ago
25/10/23 13:49:14.681 Audit:[timestamp=10-23-2025 13:49:14.681, user=splunk-system-user, action=search, info=terminate, search_id='scheduler__admin_Y3JjYl9zb2M__RMD521469da3b4d98e5c_at_1608232140_66522_DFDF466D-7806-45A7-8AF8-668D0FD6DA89'][n/a] 25/10/23 13:49:14.681 Audit:[timestamp=10-23-2025 13:49:14.681, user=splunk-system-user, action=search, info=cancel, search_id='scheduler__admin_Y3JjYl9zb2M__RMD521469da3b4d98e5c_at_1608232140_66522_DFDF466D-7806-45A7-8AF8-668D0FD6DA89'][n/a] 25/10/23 13:49:14.681 Audit:[timestamp=10-23-2025 13:49:14.681, user=splunk-system-user, action=search, info=terminate, search_id='scheduler__manager_Y3JjYl9zb2M__RMD5e4bf144359145290_at_1736159640_85246_2F9B3DBA-D627-42DA-8463-E30EA1FE1D2F'][n/a]   I have three search headers. Only one of them, the audit, is filled with such logs, and the data volume is extremely large. As a result, I now have tens of millions of audit logs every day. I followed some rules and found that it was once per minute, but in audi, it can generate around 7,000 such logs per minute ... View more

scheduling task Zombie scheduling tasks or residu...

by in Splunk Enterprise
2 weeks ago
2 weeks ago
I found that the audit data volume was abnormal, with a large number of interrupted and blocked logs. Based on search_id, I checked the corresponding tasks and found that some tasks had been disabled and some had been deleted, but audit showed that they were still being scheduled and were interrupted and blocked very quickly. splunk 7.2.4   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago