jrzmurray
commented
3 months ago Hi Bob, what version of Splunk are you running? Did this run okay with a prior Splunk version, or Export Everything version? If so, which versions? Since this seems to think there is a terminated search, can you please send me the search.log file for the search you ran to export the data?
Also, please let me know if the Browse functionality to your configured SFTP server works for you in the App Setup page.
From: Bob Thorman @.> Date: Monday, April 15, 2024 at 2:50 PM To: deductiv/export_everything @.> Cc: Subscribed @.***> Subject: [deductiv/export_everything] CRITICAL Search terminated prematurely. No data was exported. (Issue #54)
I’ve installed v2.4.0 for a SFTP transfer that has been running for months and now will not export. The runas user has all the capabilities mentioned in the splunkbase details. Every run ends with this log.
2024-04-15 13:45:38,102 search_ep_sftp[628582] CRITICAL Search terminated prematurely. No data was exported.
Without the | epsftp command the search produces the expected output.
export_everything_debug.loghttps://github.com/deductiv/export_everything/files/14983184/export_everything_debug.log
— Reply to this email directly, view it on GitHubhttps://github.com/deductiv/export_everything/issues/54, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA7NPAUJDEUO5FPKX36Q2WDY5QOPZAVCNFSM6AAAAABGH4X7K2VHI2DSMVQWIX3LMV43ASLTON2WKOZSGI2DIMZYGYZTMMA. You are receiving this because you are subscribed to this thread.Message ID: @.***>
thormanrd
I’ve installed v2.4.0 for a SFTP transfer that has been running for months and now will not export. The runas user has all the capabilities mentioned in the splunkbase details. Every run ends with this log.
2024-04-15 13:45:38,102 search_ep_sftp[628582] CRITICAL Search terminated prematurely. No data was exported.
Without the | epsftp command the search produces the expected output.
export_everything_debug.log