Splunk saved search
12/6/2023

I have checked the roles and capabilities assigned and found both "dispatch_rest_to_indexer or rest_properties_get capability" are not assigned to my role (admin).

These apps are configured under deployment instances.

Hi Cmerriman, I had tried for other apps and fetch the saved search names that are configured to DA-deployment_monitor, sos, search apps.

Similarly we have almost 10 saved searches name, so let me know how to fix the skipped search issue, what configuration change I should make to fix this issue.

These apps are configured under deployment = 1Īuto_time = 1Īuto_time = splunk_deployment_monitor

Hi Jkat54, yes I had tried for other apps and fetch the saved search names that are configured to DA-deployment_monitor, sos, search apps.

Unexpected status for to fetch REST endpoint uri= from server= - Not Found
Unexpected status for to fetch REST endpoint uri= from server= - Forbidden
Check that the URI path provided exists in the REST API.
REST Processor: Failed to fetch REST endpoint uri= from server.

dispatchbuckets - (Optional) The maximum number of timeline buckets. Defaults to 0. Disabled saved searches are not visible in Splunk Web.
disabled - (Optional) Indicates if the saved search is enabled.

REST Processor: Failed to fetch REST endpoint uri= from server.

description - (Optional) Human-readable description of this saved search.

| rest /servicesNS/nobody/SA-critical_security_controls/admin/summarization/

But I am getting the following errors while executing the query.

Hi Jkat thanks for your effort on this, I had tried the above query to fetch the summarization details by executing the query for 24 hrs time frame from the search head cluster web console.

We are getting the list of accelerated saved search name as "ACCELERATE_D4D707D0-38F3-4F47-A1AA-9DD305E110D0_search_nobody_365ca83246f2cca8_ACCELERATE: so unable to find the exact name of it.
So we wanted to list out all auto-summarization searches from search head cluster and we may be able to remove some of that aren't needed before making a change that has the potential to greatly impact performance.

Due to which we could see some of the scheduled searches are skipped without running.

Note: Actually we are getting this message "The maximum number of concurrent auto-summarization searches on this instance has been reached" it is occurring due to currently running summarization searches have not completed and the scheduler cannot start the next summarization search.

Index="_internal" source="*scheduler.log" savedsplunker | stats count BY user, savedsearch_name, host,status

Based on the search result, I found skipped status are getting generated from two splunk instance node

But unable to get the exact saved search name from the list, I could see the below name under saved search column

Hi All, Can anyone guide me, on how to find the saved search name from the below saved search names.