Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can we schedule an alert with irregular times to run?

danielbb
Motivator
‎03-13-2020 12:55 PM

We have cases where we need to run an alert at 8 am on Monday and at 9 am on Tuesday, meaning, at irregular times.
Is there a way to specify such cases using the cron way or some other method?

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎03-13-2020 02:20 PM

Create a super-set cron covering of all of the times and then add logic to your SPL to short-circuit your search so that it errors on those times that aren't supposed to run. See my unaccepted answer here ( UpVotes appreciated):

https://answers.splunk.com/answers/172541/is-it-possible-to-purposely-cause-a-scheduled-sear.html

Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...