Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I create an alert using a cron schedule for weekdays as well as weekends?

tkmads1
Explorer
‎09-29-2015 01:57 AM

How do I create an alert using cron for following time frame?

Alert should run as follows:

Monday to Friday - 7 AM CST to 7 PM CST
Saturday - 7 AM CST to 4 PM CST

Tags (3)
Reply

vishnuedara
New Member
‎07-17-2019 02:58 PM

,HI ,

I would like to schedule Cron Job that has period from 6pm of first day to 4 am of second day. I have checked multiple splunk documentations and blogs but couldn't able to find right way to do it. it looks like it takes with in 0-23 hrs of single day.Could some one help with this?

0 Karma
Reply

gcato
Contributor
‎09-29-2015 12:58 PM

Hi tikmads,

As maciep states it would be easiest to schedule two alerts. Just create one alert, clone it, then alter the cron schedule. You could also use a report for the alert search allowing you to change the saved search (report) in one place.

The cron syntax is:

 0 7-19 * * 1-5  (run hourly, 7am-7pm inclusive, Mon-Fri) 
 0 7-16 * * 6  (run hourly, 7am-4pm inclusive, Saturday)

There are plenty of cron websites out there and Splunk's cron documentation can be found here
http://docs.splunk.com/Documentation/Splunk/6.2.5/Alert/Definescheduledalerts#Use_cron_notation_for_...

It would be possible to have just one alert and then use the search to filter out results based on day and time etc. Look here for an example: http://answers.splunk.com/answers/180682/how-to-write-a-cron-schedule-for-a-single-alert-to.html
Doing this may potentially add unnecessary complication to your search however, and run searches when it's not necessary to.

Hope this helps.

Reply

maciep
Champion
‎09-29-2015 08:24 AM

my cron skills aren't that good, but instead was wondering why not just make two separate alerts? Since it does seem like those are two different schedules. Just a thought....

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...