https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321083#M59903 <P>You're going to need four separate alerts for that because each one has a different trigger time and a different earliest/latest setting. </P> Thu, 05 Apr 2018 14:18:34 GMT kmaron 2018-04-05T14:18:34Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321076#M59896 <P>Have to set alert for three different timestamp?</P> <P>ex: 4am to 7am , 9am to 2 pm,5pm to 10pm</P> <P>Thanks<BR /> Karthi</P> Thu, 05 Apr 2018 13:30:25 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321076#M59896 karthi2809 2018-04-05T13:30:25Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321077#M59897 <P>you should be able to use a cron schedule for that</P> <PRE><CODE>0 4-7,9-14,17-22 * * * </CODE></PRE> <P>from crontab.guru: “At minute 0 past every hour from 4 through 7, every hour from 9 through 14, and every hour from 17 through 22.”</P> Thu, 05 Apr 2018 13:35:17 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321077#M59897 kmaron 2018-04-05T13:35:17Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321078#M59898 <P>If your alert is running every 30mins, then :</P> <PRE><CODE>0/30 4-7,9-14,17-22 * * * </CODE></PRE> Thu, 05 Apr 2018 13:37:58 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321078#M59898 p_gurav 2018-04-05T13:37:58Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321079#M59899 <P>Hi This is the time frame</P> <P>Morning 9 AM , 1 PM and 4 PM.</P> <P>Morning 9 AM : Cycle will be previous day 4 PM to Today 9 AM</P> <P>Afternoon 1 Pm : Cycle will be 9 AM to 12.59 PM</P> <P>Evening 4 PM : Cycle will be 1 PM to 3.59 PM</P> Thu, 05 Apr 2018 13:48:56 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321079#M59899 karthi2809 2018-04-05T13:48:56Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321080#M59900 <P>Do you mean this:</P> <PRE><CODE>Morning 9 AM : Cycle will be previous day 4 PM to Today 9 AM 0 9 * * * and search for -17h to now() Afternoon 1 Pm : Cycle will be 9 AM to 12.59 PM 0 13 * * * and search for -4h to now() Evening 4 PM : Cycle will be 1 PM to 3.59 PM 0 16 * * * and search for -3h to now() </CODE></PRE> Thu, 05 Apr 2018 13:57:24 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321080#M59900 p_gurav 2018-04-05T13:57:24Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321081#M59901 <P>i need in single alert </P> Thu, 05 Apr 2018 14:03:40 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321081#M59901 karthi2809 2018-04-05T14:03:40Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321082#M59902 <P>what is earliest and latest time </P> Thu, 05 Apr 2018 14:15:15 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321082#M59902 karthi2809 2018-04-05T14:15:15Z https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321083#M59903 <P>You're going to need four separate alerts for that because each one has a different trigger time and a different earliest/latest setting. </P> Thu, 05 Apr 2018 14:18:34 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-set-alert-for-three-different-timestamp-in-Splunk/m-p/321083#M59903 kmaron 2018-04-05T14:18:34Z