Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Multiprocessing with one connection python

jfuruness
New Member
‎01-12-2018 08:01 PM

Can two different child processes share/inherit one splunk connection, and run simultaneous searches? For some reason whenever I do this I get http: 404 not found -- unknown sid errors

0 Karma
Reply

mayurr98
Super Champion
‎01-12-2018 10:57 PM

The workaround for this
After starting search, go to Jobs page under Activity from top right hand corner. Then hit Save for the search you are running.
This error usually happens on long searches and this workaround helps.

Also you can try configure below in limits.conf

 ttl = <integer>
 * How long search artifacts should be stored on disk once completed, in
   seconds. The ttl is computed relative to the modtime of status.csv of the job
   if such file exists or the modtime of the search job's artifact directory. If
   a job is being actively viewed in the Splunk UI then the modtime of
   status.csv is constantly updated such that the reaper does not remove the job
   from underneath.
 * Defaults to 600, which is equivalent to 10 minutes.

let me know if this helps!

0 Karma
Reply

jfuruness
New Member
‎01-12-2018 11:05 PM

These searches occur automatically, so I cannot hit save as you are suggesting. Also, they only take about a minute to search, which is much less than the time to live in limits.conf. Are you sure it's not because I am running multiple searches simultaneously on the same connection (in multiple processes)? Also, do you know if it is allowed to have multiple processes inherit/share the same connection?

0 Karma
Reply

jfuruness
New Member
‎01-12-2018 08:02 PM

this is using the python sdk for splunk

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...