Is it only possible to schedule alerts 'on the hour' i.e. at 12pm, 1pm.. etc ? I'd like to use precise timing like 2:15pm , 2:37pm etc , but am not able to do so. On the 'Edit Alert' page, for 'Schedule on' input , I only see round hours for time .
The reason behind requiring precise timings is a long-detailed explanation to list here; suffice it to say that the interesting events I want to monitor are expected within few minutes of each other (generally 2-10 minutes) in a specific order. So granularity of an hour is not sufficient. I don't need precision to a second, but a minute would be required.
So should be able to setup alerts like,
Alert 1 - check at 12:30
Alert 2 - check at 12:35
Alert 3 - check at 12:38
You should be able to select a cron schedule. This format will give you the flexibility you need.
For reference: http://en.wikipedia.org/wiki/Cron
http://docs.splunk.com/Documentation/Splunk/6.0.3/Alert/Definescheduledalerts#Schedule_the_alert
If you choose a schedule type of "cron" you can give it more complex patterns. For example, if you wanted the report to run once per hour at 17 minutes after the hour, then choose "cron" and use this string:
17 * * * *
If you wanted it to run every 15 minutes:
*/15 * * * *
ecambra_splunk's answer (Cron scheduling) does what I need... I was hoping this was available through UI though. Wonder what's the motive of not just giving that option..
You should be able to select a cron schedule. This format will give you the flexibility you need.
For reference: http://en.wikipedia.org/wiki/Cron
http://docs.splunk.com/Documentation/Splunk/6.0.3/Alert/Definescheduledalerts#Schedule_the_alert