Alerting

How to schedule an alert from 8 PM to 11 PM in Splunk Cloud?

Supriya
Path Finder

Hi,

I need to schedule an alert every 2 minutes between 8 PM and 11 PM in Splunk Cloud.

Could anyone help, please?


gcusello
SplunkTrust

Hi @Supriya,

What's your need:

  • create the alert,
  • schedule it,
  • or what else?

To create an alert you have to create your search and save it as an alert following the guided procedure:

  • in the search insert the time frame,
  • then save as an alert,
  • and insert information in:
      • Settings,
      • trigger conditions,
      • trigger actions

To schedule it, you can use this cron expression:

*/2 20-22 * * *

Ciao.

Giuseppe


thambisetty
Super Champion

@Supriya

*/2 20-22 * * *

————————————
If this helps, give a like below.

Supriya
Path Finder

@thambisetty 

Could you please help me with the cron expression to schedule from 11 PM CET to 12:30 AM CET?

thambisetty
Super Champion

What is the interval?

How frequently do you want to run the search between the times you mentioned?

Best site to learn cron jobs:

https://crontab.guru/#*/2_20-22_*_*_*

————————————
If this helps, give a like below.

Supriya
Path Finder

@thambisetty 

Every 5 min between 11 PM and 12:30 AM

thambisetty
Super Champion

Tried a lot to have a single cron, but I couldn't find one.
Maybe you need to create two reports with the same search and use the two different crons mentioned below:

*/5 23 * * *

0,5,10,15,20,25,30 00 * * * or 0-30/5 00 * * *

————————————
If this helps, give a like below.

gcusello
SplunkTrust

Hi all,

The rule to create a cron expression is fully described at https://crontab.guru/ or at https://it.wikipedia.org/wiki/Crontab

The sequence is: minute hour day(month) month day(week)

You can use:

  • * any value
  • , list separator
  • - range of values
  • / step values

So if you want all minutes, you use * in the first position,

if you want every five minutes, you use */5 in the first position,

if you want from 8.00 to 18.00, you use 8-17 in the second position.

Ciao.

Giuseppe

P.S.: karma Points are appreciated 😉

gcusello
SplunkTrust

Hi all,

with this cron schedule the alert is running from 20.00 to 23.58, not to 22.58.

Ciao.

Giuseppe


Supriya
Path Finder

@gcusello yes, this (*/2 20-23 * * *) is running from 20.00 to 23.58, not to 22.58.

But I need to run till 22.58.

thambisetty
Super Champion

Yes. You are right. Updated.

————————————
If this helps, give a like below.

Supriya
Path Finder

@gcusello 

Thanks for your prompt response!

This is working fine.

Also, could you please help with another cron expression for the schedule between 8 PM and 11:30 PM?

 
