I want to schedule an alert to run, beginning on Sunday at 10:00am, running every 15 minutes for the previous 15 minutes, and stopping on Saturday at 18:00. I don't want it to run during Saturday 18:01 through Sunday 9:59. Would I need to set up 3 different alerts - a Saturday, a Sunday and a Monday-Friday? (New to Splunk).
Thanks for your help!
Hi,
One alone with cron seems not possible.
3 alerts are the easiest for this case.
Maybe also via:
Alarm condition: if custom condition is met (for this I need a while to think about it)
or
Via an external script which activates/deactivates the scheduled saved search.
Kind Regards
SierraX
Hi,
This is more a cronjob question than a Splunk one. But it's simple. You can't do it by defining a single cronjob like * * * *.
On the Linux side, for example, you need to have an extra script for doing this, or need to do it in 3 cronjob definitions.
I think the fastest way to do it is to set up the three alerts. It is not shiny but it works.
kind regards
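
Added example, not part of the original posts: one possible set of three cron schedules for the three-alert approach both answers recommend, with a small Python check that together they fire every 15 minutes inside the wanted window, never in the Saturday 18:01 to Sunday 9:59 gap, and never twice at the same minute. Assumptions: standard 5-field cron with day-of-week 0 = Sunday, and the last wanted run is Saturday 17:45 (a run at exactly 18:00 would need one more schedule); the schedule names and the sample week are constructed.

```python
from datetime import datetime, timedelta

# Assumed schedules (not from the thread); 5-field cron, day-of-week 0 = Sunday.
SCHEDULES = {
    "sunday": "*/15 10-23 * * 0",    # Sunday 10:00 .. 23:45
    "weekdays": "*/15 * * * 1-5",    # Monday .. Friday, all day
    "saturday": "*/15 0-17 * * 6",   # Saturday 00:00 .. 17:45
}
# (min, max) for minute, hour, day-of-month, month, day-of-week
BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]

def field_matches(field, value, lo, hi):
    """Match one cron field: '*', 'n', 'a-b', lists 'a,b' and steps '/n'."""
    for part in field.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            first, last = lo, hi
        else:
            a, _, b = rng.partition("-")
            first, last = int(a), int(b or a)
        if first <= value <= last and (value - first) % int(step or 1) == 0:
            return True
    return False

def fires(expr, dt):
    """True if the cron expression triggers at minute dt.
    Day-of-month is '*' in every schedule here, so fields are simply ANDed."""
    values = [dt.minute, dt.hour, dt.day, dt.month, (dt.weekday() + 1) % 7]
    return all(field_matches(f, v, lo, hi)
               for f, v, (lo, hi) in zip(expr.split(), values, BOUNDS))

def check_week(schedules=SCHEDULES):
    """Walk one constructed week minute by minute and compare with the wanted window."""
    start = datetime(2024, 1, 7)                      # a Sunday, 00:00
    opens = start + timedelta(hours=10)               # Sunday 10:00
    closes = start + timedelta(days=6, hours=18)      # Saturday 18:00 (exclusive)
    report = {"runs": 0, "missed": [], "unwanted": [], "overlap": []}
    for m in range(7 * 24 * 60):
        dt = start + timedelta(minutes=m)
        hits = [name for name, expr in schedules.items() if fires(expr, dt)]
        wanted = opens <= dt < closes and dt.minute % 15 == 0
        report["runs"] += bool(hits)
        if wanted and not hits:
            report["missed"].append(dt)
        if hits and not wanted:
            report["unwanted"].append(dt)
        if len(hits) > 1:
            report["overlap"].append(dt)
    return report
```

Widening the Saturday hour range to `0-18` is not a shortcut for an 18:00 run: it also fires at 18:15, 18:30 and 18:45, which the check reports as unwanted.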