Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Did the cron scheduler change between versions?

jeffbat
Path Finder
‎04-02-2019 10:38 AM

We just recently upgraded from Splunk 6.6.3 to 7.2.4.1 and noticed a change to one of our alerts based on its cron schedule.

The cron schedule for the alert is set to this:

3 21 1-7,15-24 * 0

Before the upgrade, this was working to send out the alert the 1st and 3rd Sundays of the month.

After the upgrade, this is now sending out on the Sunday AND every day between the 1st-7th and we figure will also send every day from the 15th-24th.

Did the cron scheduler get changed in the version upgrade?

Also, where can I find what cron version Splunk is utilizing?

For now we change changed the cron schedule to send out on the 1st and 15th, so it will only send twice a month but would like it to just be every other Sunday.

Thanks.

Reply

the0duke0
Path Finder
‎05-06-2019 03:25 AM

We just upgraded from 7.1.x to 7.2.5.1 and we have noticed a similar behavior. Previously 20 15 1-7 * 3 would fire the first Wednesday of the month at 15:20. It is now firing every Wednesday AND the first seven days of the month at 1520. I don't see any release notes with 7.2 about cron changes, but it seems there was some change.

0 Karma
Reply

teunlaan
Contributor
‎05-06-2019 04:30 AM

They fixed some cron issues in v 7.2.3. So it could be your cron's a now behaving in an other way then before

Blockquote 2018-12-21 SPL-164242, SPL-164210 A search scheduled to run monthly or weekly may run daily. "Next Scheduled Time" is incorrect due to cron parsing issue

But it looks like they didn't fix it, or broke something else
Did you file a Bug?

0 Karma
Reply

tom_frotscher
Builder
‎05-06-2019 03:49 AM

Just as a quick tip, the website crontab guru is very useful to create and manage cron schedules.
For your example: https://crontab.guru/#3_21_1-7,15-24_*_0

0 Karma
Reply
Get Updates on the Splunk Community!

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...