Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I configure an alert every 10 minutes with a delay?

adzg
Engager
‎01-04-2022 12:41 PM

I need to make sure that a file is delivered every 10 minutes.  It always arrives 5 seconds after the top of the 10 min mark (6:00:05, 6:10:05... 6:50:05, 7:00:05 etc.)  between 6am-3pm on weekdays.  

This is the closest thing I've been able to come up with

 

*/11 6-15 * * 1-5

 

I can't use */10 because the file arrives 5 seconds after the 10 minute marks, so I used 11 and set the time range as 5 minutes so that last run of the hour catches the XX:50:05 file.  The problem is that this solution always misses the first file that arrives at the top of the hour (XX:00:05) since it runs every 11 minutes.   For whatever reason, at the beginning of each hour it runs immediately but then misses the first file since the file arrives 5 seconds later. 

Can anyone think of a better solution or do I just have to create a second alert for those top-of-the-hour files? I can't seem to find a way to delay the search by a few seconds.  And how can I mute the erroneous triggers from the first alert?

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-04-2022 01:06 PM

The cron form */11 says to run at minute zero and every 11 minutes until minute 59.  To run at minute 1 and every 10 minutes after that, use this expression.

1,11,21,31,41,51 6-15 * * 1-5
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-04-2022 01:06 PM

The cron form */11 says to run at minute zero and every 11 minutes until minute 59.  To run at minute 1 and every 10 minutes after that, use this expression.

1,11,21,31,41,51 6-15 * * 1-5
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎01-04-2022 01:04 PM

Try this

 

1-59/11 6-15 * * 1-5

 

At every 11th minute from 1 through 59 past every hour from 6 through 15 on every day-of-week from Monday through Friday.
next at 2022-01-05 06:01:00
then at 2022-01-05 06:12:00
then at 2022-01-05 06:23:00
then at 2022-01-05 06:34:00
then at 2022-01-05 06:45:00
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...