×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
connoe
Loves-to-Learn Lots
Member since: ‎10-26-2025
‎02-04-2026
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-26-2025
View All

Re: scheduling task Zombie scheduling tasks or re...

by in Splunk Enterprise
‎10-31-2025 12:43 AM
‎10-31-2025 12:43 AM
25/10/23 13:49:14.681 Audit:[timestamp=10-23-2025 13:49:14.681, user=splunk-system-user, action=search, info=terminate, search_id='scheduler__admin_Y3JjYl9zb2M__RMD521469da3b4d98e5c_at_1608232140_66522_DFDF466D-7806-45A7-8AF8-668D0FD6DA89'][n/a] 25/10/23 13:49:14.681 Audit:[timestamp=10-23-2025 13:49:14.681, user=splunk-system-user, action=search, info=cancel, search_id='scheduler__admin_Y3JjYl9zb2M__RMD521469da3b4d98e5c_at_1608232140_66522_DFDF466D-7806-45A7-8AF8-668D0FD6DA89'][n/a] 25/10/23 13:49:14.681 Audit:[timestamp=10-23-2025 13:49:14.681, user=splunk-system-user, action=search, info=terminate, search_id='scheduler__manager_Y3JjYl9zb2M__RMD5e4bf144359145290_at_1736159640_85246_2F9B3DBA-D627-42DA-8463-E30EA1FE1D2F'][n/a]   I have three search headers. Only one of them, the audit, is filled with such logs, and the data volume is extremely large. As a result, I now have tens of millions of audit logs every day. I followed some rules and found that it was once per minute, but in audi, it can generate around 7,000 such logs per minute ... View more

scheduling task Zombie scheduling tasks or residu...

by in Splunk Enterprise
‎10-26-2025 08:01 PM
‎10-26-2025 08:01 PM
I found that the audit data volume was abnormal, with a large number of interrupted and blocked logs. Based on search_id, I checked the corresponding tasks and found that some tasks had been disabled and some had been deleted, but audit showed that they were still being scheduled and were interrupted and blocked very quickly. splunk 7.2.4   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-04-2026 09:42 PM