Internet Computer Mobile Games

What sets result_count when running scheduled search

I have a search that runs ever day which is something like which is used to monitor the output of several other searches **search index=_internal sourcetype="scheduler" savedsearch_name=mySearch* status=success NOT result_count="0" | dedup savedsearch_name | table savedsearch_name** It works fine but I can't get a new search to be listed. The new search is checking to see if a file has been updated. Ossec reports correctly that it has but I don't want to see that every day so I have reduced its severity so it doesn't appear but is still recorded. My new search checks to see how old that last record is and if it more than a day old gives me a notification. It works fine when I run it by hand; **sourcetype=ossec_alerts "MyCheckFile" earliest=-28d | dedup reporting_host | eval last_update=strftime(_time, "%F %T") | eval message=if(now() - _time > 86400, "Update did not run recently","") | search NOT message="" | table reporting_host last_update message** Unfortunately although it reports an output the result_count is not set so it is not listed by my first search. I can't understand what sets this. result_count is set correctly with all my other daily searches Thanks

Top similar posts to What sets result_count when running scheduled search

Running a query which is scheduled returns different results from running it from the search bar

Hi, I'm currently setting up an aggregation via a scheduled search. Running the query for this in the search bar obtains the expected results, however, some of the parameters are sometimes off when scheduled. This is the query: udid!="" index="index_here" | eval search_name="search" | addinfo | eval search_day=strftime(info_max_time,"%Y/%m/%d") | stats count(eval(action=="page_view")) AS page_view_count first(gender) AS gender first(age) AS age first(is_registered) AS is_registered by u...

Interacting with running Google Search app

Hi, I am writing an app that transmits and receives data over the audio port, which requires me to start an AudioRecord instance on the mic. I have the app working on most phones, however I ran into an issue on the Droid Mini where the Google Search app has an active AudioRecord on the input source I need. This is due to the Hotword Detection being active at all times on the phone. I don't know why this is an issue on this phone only, as I have the Hotword Detection active on my phone as wel...

Staggering Scheduled Search Using Cron

I'm trying to stagger my scheduled searches in order to spread out resource utilization (20% of searches on the hour, 20% 1 minute after, 20% two minutes after etc.). I should be able to use cron to accomplish this. There is even an existing Answer that addresses this: http://answers.splunk.com/answers/118757/scheduling-alerts-via-cron.html However, I get an "Invalid cron" error when attempting to user the following notation: */5 * * * * 1-59/5 * * * * 2-59/5 * * * * 3-59/56...

Reducers not running In hunk search MR job

Hi, I am connecting to remote HDFS with hunk.I am having a problem while running search query - **index=ebg | stats sum(productprice) by profession** I am monitoring the MR job which is running for this query. It is completed successfully sometimes but fails otherwise and the exception is- **java.io.FileNotFoundException: File does not exist: /user/hduser/hunk/bundles/localhost.localdomain-1414603344.bundle** And in both the cases the **reducer is not working.No.of reducers is zero every tim...

Scheduled task running PowerShell script hangs in 'running' status

Hi all, I have a PowerShell script in Windows 2012 R2 which kills the Excel.exe process.... kill -processname excel When i manually run the script directly it happily kills the Excel.exe process. However when i run it from a scheduled task it immediatly kills the correct process but then just hangs in the 'running' status. This isnt a huge problem as for a setting i have chosen the task to stop if it runs for longer than an hour but does anyone have any idea why it does this? For the task i ha...

How to check status of scheduled task, if not running run - Powershell

I am looking for a Powershell script which checks to see if a specific scheduled task is running, and if not run the scheduled task. Any help will be very much appreciated, Happy Halloween all :0)...

Command to stop/finalize the running search forcefully

Hi I want identify the long running searches who are running more than 5 min and stop them. I'm able to find the long running searches from this command index=_internal source=*scheduler.log* run_time=* | table savedsearch_name, user, app, run_time, _time | sort - run_time But, I'm not able to find what is the way to stop them? Q1. Is there search command I can use to stop the running searches? Q2. Do I need to pass this result to script and call REST command to Splunkd to stop the running...

Scheduled searches "lost" between search head and peers

Seeking ideas on how to debug a case of "lost" scheduled searches. Configuration is a search head pool (of 2) and a cluster of peer indexers (2). At the moment, one of the indexers is offline, so all searches are directed at the remaining indexer. An examination of the scheduler.log on the two search heads shows that a scheduled search at :30 each hour is occurring, sometimes executing on one search head, sometimes on the other. A problem arises when an occasional result includes 0 events, tho...

How to debug and decipher errors in running my custom search command on Splunk 6.1.4?

I'm creating a command to expand system names based on a regex and a key. I realize this can be done inline but because it could be done for multiple fields I thought this might be a better solution. The idea is that you could pipe a search to this and have it expand names, sourcetype = whatever | expandname host,client The idea being that it will create fields based on the regex group names and the field name, so for example if there is a regex group called Site it would create fields l...

Using mean(x) in summary search run every 5 minutes - when running a report on summary index using mean(x) per day or month will that give same result?

Hi - I need to calculate the mean(response time) for at complete month based on summary index. The summary index search has to run every 5 minutes - selecting last 5 minutes of data. The search will look like this: Search.... |sistats mean(response time) by xxx yyyy www ttt The monthly report search will look like this: index=summary REPORT=MEANRESP|timechart span=1month mean(response time) QUESTION: Will the search run on the summary index give the same result as if I made the search run ...

Does disabling a service stop a scheduled task from running?

this is probably a dumb question, but if a service is disabled (HKLM\System\CurrentControlSet\Services), will that stop the scheduled task from running also? what if set to 'manual'?...

Design Apple Development Security Automobile Network Photography Health Money Travel Shopping Issues Operating systems Drivers Software Programming Tech Home Science Sport Solution