How to schedule an alert with cron to run every 15...

thearchies · ‎11-10-2016

I want to schedule an alert to run, beginning on Sunday at 10:00am, runs every 15 minutes for the previous 15 minutes, and stops running on Saturday at 18:00. I don't want it to run during Saturday 18:01 thru Sunday 9:59. Would I need to set-up 3 different alerts - a Saturday, a Sunday and a Monday-Friday? (New to Splunk).

Thanks for your help!

SierraX · ‎11-11-2016

Hi,

one alone with cron, seems not possible.

3 alerts are the easiest for this case

Maybe also over:
Alarm condition: if custom condition is met (for this I need a while to think about)
or
Over an external script which activate, deactivate the scheduled saved search.

Kind Regards
SierraX

TStrauch · ‎11-11-2016

Hi,

this is more a cronjob question than a splunk one. But its simple. You can´t to it by defining a single cronjob like * * * *.

On linux site for example you need to have an extra script for doing this, or need to to it in 3 cronjob definitions.

I think the fastet way to do it is to set up the three alerts. It is not shiny but it works.

kind regards

How to schedule an alert with cron to run every 15 minutes beginning on Sunday at 10:00 and ending on Saturday at 18:00?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

How to schedule an alert with cron to run every 15 minutes beginning on Sunday at 10:00 and ending on Saturday at 18:00?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers