Can someone help with with a cron expression that ...

jackin · ‎11-23-2021

Can anyone help on cron expression

Query runs every 15min from 8:15am to 6pm Monday to Friday

PickleRick · ‎11-23-2021

I already told you in https://community.splunk.com/t5/Security/Cron-Expression-for-scheduled-Alert/m-p/575364 - there's no single cron schedule that will cover all the "uneven boundaries".

gcusello · ‎11-23-2021

Hi @jackin,

please try this:

*/15 8-18 * * 1-5

Ciao.

Giuseppe

abazgwa21cz · ‎12-25-2022

How can I configure a CRON expression such that an alert was sent each 2hours in a day, and every day in weeks. ??
Many thanks !!!

gcusello · ‎12-25-2022

HI @abazgwa21cz,

sorry but it isn't so clear:

do you want a cron expression to run alert every 2 hours in a day, an this is clear, but what do you mean with " and every day in a week"?

do you mean every 2 hours in working days (Mon-Fri) and one time in the Week end or what else?

In general, it isn't a good idea attach a new question to another one, because less people will answer you, opening a new question it's better.

Ciao.

Giuseppe

jackin · ‎11-23-2021

@gcusello

Thanks man but

*/15 8-18 * * 1-5

we are running the query evey 15min and it should took last 15min data .It means query started running at 8am it took the data from 7:45am but we need from 8am data.

gcusello · ‎11-23-2021

Hi @jackin,

in the cron expression you can only define these parameters, you could exclude data before 8.00 in the main search (e.g. time_hours>7).

Ciao.

Giuseppe

isoutamo · ‎11-23-2021

Another option is add additional cron entries for those first/last hours where you are needing other start times than in other hours.

Can someone help with with a cron expression that runs every 15min from 8:15am to 6pm Monday to Friday?

cron

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform