- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Alert for monthly reporting
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to set the alert to run from 26 of last month to 25 of current month. Say example,
Every month at day 1 I will run monthly report, for the run on December month the period should be 26th of October to 25th of November.
Please guide on the same.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can set the earliest and latest time as per your requirement and run it on specific schedule. For running search query over period of 26th day to 25th day you can set the time as follows:
earliest : -2mon@mon+25d
latest: -mon@mon+25d
For further information refer http://docs.splunk.com/Documentation/Splunk/7.0.0/Search/Specifytimemodifiersinyoursearch.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can set the earliest and latest time as per your requirement and run it on specific schedule. For running search query over period of 26th day to 25th day you can set the time as follows:
earliest : -2mon@mon+25d
latest: -mon@mon+25d
For further information refer http://docs.splunk.com/Documentation/Splunk/7.0.0/Search/Specifytimemodifiersinyoursearch.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@hardikJsheth
Awesome! This is what I was looking for! Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To start with , alert and report are two different knowledge objects in Splunk. An alert will be generated only when specific condition like number of results etc are met. Where as a report is the result of your query and can be viewed similar to a dashboard, it can also be scheduled as mail and the results will be mailed to you.
Assuming your question is about alerts, there are two ways in which you can set it up.
- Run the query for the desired time range (in your case the complete month) and then on the top right corner of search bar click on save as alert and in that you will be required to give the schedule viz is when you want splunk to run the query for you (in your case 1st of every month)
- Alternatively you can go to settings -> Searches, reports, and alerts in that new alert and provide the same info. Here also time range is your range for which you want splunk to run query and schedule is when you want it to run.
Coming to reports create the report in the same way, once you have created the report , find it in settings -> Searches, reports, and alerts and click on edit and schedule the report to run on the specific time you want it to run
Enterprise Security Content Update (ESCU) | New Releases
Index This | Divide 100 by half. What do you get?
Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!
