Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert for monthly reporting

Kwip
Contributor
‎12-03-2017 10:04 PM

How to set the alert to run from 26 of last month to 25 of current month. Say example,
Every month at day 1 I will run monthly report, for the run on December month the period should be 26th of October to 25th of November.

Please guide on the same.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎12-04-2017 01:36 AM

You can set the earliest and latest time as per your requirement and run it on specific schedule. For running search query over period of 26th day to 25th day you can set the time as follows:

earliest : -2mon@mon+25d
latest: -mon@mon+25d

For further information refer http://docs.splunk.com/Documentation/Splunk/7.0.0/Search/Specifytimemodifiersinyoursearch.

View solution in original post

Reply
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎12-04-2017 01:36 AM

You can set the earliest and latest time as per your requirement and run it on specific schedule. For running search query over period of 26th day to 25th day you can set the time as follows:

earliest : -2mon@mon+25d
latest: -mon@mon+25d

For further information refer http://docs.splunk.com/Documentation/Splunk/7.0.0/Search/Specifytimemodifiersinyoursearch.

Reply
Solved! Jump to solution

Kwip
Contributor
‎12-04-2017 10:28 PM

@hardikJsheth

Awesome! This is what I was looking for! Thank you!

0 Karma
Reply
Solved! Jump to solution

kunalmao
Communicator
‎12-04-2017 12:31 AM

To start with , alert and report are two different knowledge objects in Splunk. An alert will be generated only when specific condition like number of results etc are met. Where as a report is the result of your query and can be viewed similar to a dashboard, it can also be scheduled as mail and the results will be mailed to you.

Assuming your question is about alerts, there are two ways in which you can set it up.

  • Run the query for the desired time range (in your case the complete month) and then on the top right corner of search bar click on save as alert and in that you will be required to give the schedule viz is when you want splunk to run the query for you (in your case 1st of every month)
  • Alternatively you can go to settings -> Searches, reports, and alerts in that new alert and provide the same info. Here also time range is your range for which you want splunk to run query and schedule is when you want it to run.

Coming to reports create the report in the same way, once you have created the report , find it in settings -> Searches, reports, and alerts and click on edit and schedule the report to run on the specific time you want it to run

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...