Summary Index Backfill

kenchisho · ‎02-13-2012

Hi guys,

I am trying to backfill data into a summary index...

when i run the command using the py script i get an error saying:

*** For saved search 'fw_web_monthly_top_domains' ***
No scheduled times for your time range.

I have turned off the schedule for this search and tried playing around with the et and lt values with no effect...

any ideas?

clyde772 · ‎07-29-2012

kenchisho,

Make sure to check the few things,

Saved search should have a proper scheduling set-up, ie */5 * * * * or every X.
Make sure that perticular saved search have proper authrization setup to share, default splunk seems to save it as private search so it can't be shared.

Clyde772.

kenchisho · ‎02-14-2012

the schedule is set to run at midnight on the first day of every month...

0 0 1 * *

jbsplunk · ‎02-14-2012

what is the schedule for 'fw_web_monthly_top_domains'?

kenchisho · ‎02-14-2012

Hi... here is the complete command...

./splunk cmd python fill_summary_index.py -app noc -index firewall_summary -name fw_web_monthly_top_domain -et -1mon@mon -lt @mon -j 8 -owner admin -showprogress true -auth admin:changeme

imrago · ‎02-13-2012

please post the complete command

Summary Index Backfill

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI

Join the Conversation

Summary Index Backfill

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI