Reviving the thread a year later: I have the same problem, had it back in Splunk 6.6.2 and still seeing it in Splunk 8.2.6 years later. No idea why - but I really needed to work around it. Here is what I came up with: I open a file, with a name derived from search id, with exclusive access for creation in a special `lock` folder. If it succeeds, I proceed with the rest of the code. If it fails, I realize that it was already "caught" by the previous run of the same command and bail out. Of course, I need some way of tidying up that `lock` folder, which is something that can be done with a scripted input, and not too frequently - once a day or even once a week should be plenty. In theory, I should be able to remove (unlink) that lock file right from the second instance, but it bit me in the back, so I abandoned the idea. Might want to revisit now, after so many years...
... View more