Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I configure an alert every 10 minutes with a delay?

adzg
Engager
‎01-04-2022 12:41 PM

I need to make sure that a file is delivered every 10 minutes.  It always arrives 5 seconds after the top of the 10 min mark (6:00:05, 6:10:05... 6:50:05, 7:00:05 etc.)  between 6am-3pm on weekdays.  

This is the closest thing I've been able to come up with

 

*/11 6-15 * * 1-5

 

I can't use */10 because the file arrives 5 seconds after the 10 minute marks, so I used 11 and set the time range as 5 minutes so that last run of the hour catches the XX:50:05 file.  The problem is that this solution always misses the first file that arrives at the top of the hour (XX:00:05) since it runs every 11 minutes.   For whatever reason, at the beginning of each hour it runs immediately but then misses the first file since the file arrives 5 seconds later. 

Can anyone think of a better solution or do I just have to create a second alert for those top-of-the-hour files? I can't seem to find a way to delay the search by a few seconds.  And how can I mute the erroneous triggers from the first alert?

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-04-2022 01:06 PM

The cron form */11 says to run at minute zero and every 11 minutes until minute 59.  To run at minute 1 and every 10 minutes after that, use this expression.

1,11,21,31,41,51 6-15 * * 1-5
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-04-2022 01:06 PM

The cron form */11 says to run at minute zero and every 11 minutes until minute 59.  To run at minute 1 and every 10 minutes after that, use this expression.

1,11,21,31,41,51 6-15 * * 1-5
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎01-04-2022 01:04 PM

Try this

 

1-59/11 6-15 * * 1-5

 

At every 11th minute from 1 through 59 past every hour from 6 through 15 on every day-of-week from Monday through Friday.
next at 2022-01-05 06:01:00
then at 2022-01-05 06:12:00
then at 2022-01-05 06:23:00
then at 2022-01-05 06:34:00
then at 2022-01-05 06:45:00
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...