Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Summary Index Backfill

kenchisho
Path Finder
‎02-13-2012 07:27 AM

Hi guys,

I am trying to backfill data into a summary index...

when i run the command using the py script i get an error saying:

*** For saved search 'fw_web_monthly_top_domains' ***
No scheduled times for your time range.

I have turned off the schedule for this search and tried playing around with the et and lt values with no effect...

any ideas?

Tags (2)
0 Karma
Reply

clyde772
Communicator
‎07-29-2012 07:10 PM

kenchisho,

Make sure to check the few things,

  1. Saved search should have a proper scheduling set-up, ie */5 * * * * or every X.
  2. Make sure that perticular saved search have proper authrization setup to share, default splunk seems to save it as private search so it can't be shared.

Clyde772.

0 Karma
Reply

kenchisho
Path Finder
‎02-14-2012 02:18 PM

the schedule is set to run at midnight on the first day of every month...

0 0 1 * *

0 Karma
Reply

jbsplunk
Splunk Employee
Splunk Employee
‎02-14-2012 09:17 AM

what is the schedule for 'fw_web_monthly_top_domains'?

0 Karma
Reply

kenchisho
Path Finder
‎02-14-2012 03:09 AM

Hi... here is the complete command...

./splunk cmd python fill_summary_index.py -app noc -index firewall_summary -name fw_web_monthly_top_domain -et -1mon@mon -lt @mon -j 8 -owner admin -showprogress true -auth admin:changeme

0 Karma
Reply

imrago
Contributor
‎02-13-2012 02:40 PM

please post the complete command

0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!