Alerting

How to schedule alert every 3 hours?

gajananh999
Contributor

Dear All,

I am working on scheduling alert may i know how to schedule a alert in every 3 hours?

Thanks
Gajanna Hiroji

Tags (1)
0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

Use this cron schedule:

0 */3 * * *

That will run the alert at 00:00, 03:00, ..., 21:00. Make sure you don't have a huge bunching up around a specific minute if the minute isn't important to your report, so use maybe 1 */3 * * * for some and 2 */3 * * * for others.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

Use this cron schedule:

0 */3 * * *

That will run the alert at 00:00, 03:00, ..., 21:00. Make sure you don't have a huge bunching up around a specific minute if the minute isn't important to your report, so use maybe 1 */3 * * * for some and 2 */3 * * * for others.

ankireddy007
Path Finder

Hi,

You Can use cron schedule: Link below http://docs.splunk.com/Documentation/Splunk/6.0.1/Alert/Definescheduledalerts#Schedule_the_alert

It looks like:

*/5 * * * *       : Every 5 minutes
*/30 * * * *      : Every 30 minutes
0 */12 * * *      : Every 12 hours, on the hour
*/20  * * * 1-5   : Every 20 minutes, Monday through Friday
0 9 1-7 * 1       : First Monday of each month, at 9am.
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...