Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Did the cron scheduler change between versions?

jeffbat
Path Finder
‎04-02-2019 10:38 AM

We just recently upgraded from Splunk 6.6.3 to 7.2.4.1 and noticed a change to one of our alerts based on its cron schedule.

The cron schedule for the alert is set to this:

3 21 1-7,15-24 * 0

Before the upgrade, this was working to send out the alert the 1st and 3rd Sundays of the month.

After the upgrade, this is now sending out on the Sunday AND every day between the 1st-7th and we figure will also send every day from the 15th-24th.

Did the cron scheduler get changed in the version upgrade?

Also, where can I find what cron version Splunk is utilizing?

For now we change changed the cron schedule to send out on the 1st and 15th, so it will only send twice a month but would like it to just be every other Sunday.

Thanks.

Reply

the0duke0
Path Finder
‎05-06-2019 03:25 AM

We just upgraded from 7.1.x to 7.2.5.1 and we have noticed a similar behavior. Previously 20 15 1-7 * 3 would fire the first Wednesday of the month at 15:20. It is now firing every Wednesday AND the first seven days of the month at 1520. I don't see any release notes with 7.2 about cron changes, but it seems there was some change.

0 Karma
Reply

teunlaan
Contributor
‎05-06-2019 04:30 AM

They fixed some cron issues in v 7.2.3. So it could be your cron's a now behaving in an other way then before

Blockquote 2018-12-21 SPL-164242, SPL-164210 A search scheduled to run monthly or weekly may run daily. "Next Scheduled Time" is incorrect due to cron parsing issue

But it looks like they didn't fix it, or broke something else
Did you file a Bug?

0 Karma
Reply

tom_frotscher
Builder
‎05-06-2019 03:49 AM

Just as a quick tip, the website crontab guru is very useful to create and manage cron schedules.
For your example: https://crontab.guru/#3_21_1-7,15-24_*_0

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...