How to schedule alert from 8PM to 11PM in splunk cloud?

Supriya
Path Finder

Hi,

I need to schedule an alert every 2 minutes between 8 PM and 11 PM in Splunk Cloud.

Could anyone help, please?

0 Karma
1 Solution

gcusello
SplunkTrust

Hi @Supriya,

what's your need:

  • create the alert,
  • schedule it,
  • or what else?

to create an alert you have to create your search and save it as an alert following the guided procedure:

  • in the search insert the time frame,
  • then save as an alert,
  • and insert information in:
      • Settings,
      • trigger conditions,
      • trigger actions

to schedule it, you can use this cron expression:

 

*/2 20-22 * * *

 

Ciao.

Giuseppe

0 Karma

thambisetty
SplunkTrust

@Supriya 

 

*/2 20-22 * * *

————————————
If this helps, give a like below.
0 Karma

Supriya
Path Finder

@thambisetty 

Could you please help me with the cron expression to schedule from 11 PM CET to 12:30 AM CET?

0 Karma

thambisetty
SplunkTrust

What is the interval?

How frequently do you want to run the search between the times you mentioned?

Best site to learn cron jobs:

https://crontab.guru/#*/2_20-22_*_*_*

————————————
If this helps, give a like below.
0 Karma

Supriya
Path Finder

@thambisetty 

Every 5 min between 11 PM and 12:30 AM
0 Karma

thambisetty
SplunkTrust

I tried a lot to get a single cron, but I couldn't find one.
Maybe you need to create two reports with the same search and use the two different crons mentioned below:

*/5 23 * * *

0,5,10,15,20,25,30 00 * * * or 0-30/5 00 * * *

————————————
If this helps, give a like below.

gcusello
SplunkTrust

Hi all,

the rule to create a cron expression is fully described at https://crontab.guru/ or at https://it.wikipedia.org/wiki/Crontab

the sequence is: minute hour day(month) month day(week)

you can use:

* any value

,  list separator

- range of values

/ step values

so if you want all minutes you use * in the first position,

if you want every five minutes you use */5 in the first position,

if you want from 8.00 to 18.00 you use 8-17 in the second position.

 

Ciao.

Giuseppe

P.S.: karma Points are appreciated 😉

gcusello
SplunkTrust

Hi all,

with this cron schedule the alert is running from 20.00 to 23.58, not to 22.58.

Ciao.

Giuseppe

0 Karma

Supriya
Path Finder

@gcusello yes, this (*/2 20-23 * * *) is running from 20.00 to 23.58, not to 22.58.

But I need it to run till 22.58.

0 Karma

thambisetty
SplunkTrust

Yes. You are right. Updated.

————————————
If this helps, give a like below.
0 Karma

Supriya
Path Finder

@gcusello 

Thanks for your prompt response!

This is working fine.

Also, could you please help with another cron expression for the schedule in between 8 PM to 11:30 PM.

 

0 Karma
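
The windows discussed in this thread can be checked before the alert is saved. The following is an added example, not code from any poster or from Splunk: a small Python expander for the minute and hour fields (only `*`, `,`, `-` and `/`, daily schedules only) that reports the first run, last run and number of runs for each expression. The `0-30/2 23 * * *` line for the 8 PM to 11:30 PM window is this example's own assumption, built by the same two-schedule split used above, and is not an answer given in the thread.

```python
def expand_field(field, lo, hi):
    """Expand one cron field (supports * , - /) into a sorted list of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if step < 1:
            raise ValueError(f"bad step in {part!r}")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi):
            raise ValueError(f"{part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def fire_times(cron):
    """Daily fire times as HH:MM for a 5-field cron whose last 3 fields are '*'."""
    minute, hour, dom, month, dow = cron.split()
    if (dom, month, dow) != ("*", "*", "*"):
        raise ValueError("this sketch only handles every-day schedules")
    return [f"{h:02d}:{m:02d}"
            for h in expand_field(hour, 0, 23)
            for m in expand_field(minute, 0, 59)]


def summary(cron):
    """Return (first run, last run, runs per day) for one cron expression."""
    times = fire_times(cron)
    return times[0], times[-1], len(times)


if __name__ == "__main__":
    schedules = [
        "*/2 20-22 * * *",   # 8 PM to 11 PM, every 2 minutes
        "*/2 20-23 * * *",   # hour range 20-23 overshoots to 23:58
        "*/5 23 * * *",      # 11 PM to 12:30 AM, first schedule
        "0-30/5 00 * * *",   # 11 PM to 12:30 AM, second schedule
        "0-30/2 23 * * *",   # assumed: second schedule for 8 PM to 11:30 PM
    ]
    for cron in schedules:
        print(f"{cron:<18} first/last/count = {summary(cron)}")
```

An hour range covers every minute of its last hour, which is why a window ending on a half hour needs a second schedule with its own minute range.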