Re: Splunk Alert for specific time period

kpsajin · ‎04-04-2018

Hi, does anyone know how to create a realtime alert which should trigger the alert only from Thursday 6PM to Sunday 6AM and any other day between 6PM to 6 AM ?

the search query will be something similar to the below.

index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 user="Administrator"

I need to get an alert if this particular event occurs between Thursday 6PM to Sunday 6AM and any other day between 6PM to 6 AM.

Can this be done in a single alert or do we have to create multiple alerts with different cron schedules. ?

Looking forward to your suggestions.

Regards
Sajin

p_gurav · ‎04-04-2018

At what frequency alert is running?

kpsajin · ‎04-25-2018

should run in realtime. And only on weekends and non-working hours.

kmaron · ‎04-04-2018

You can only have 1 cron schedule per alert. So you will need multiple alerts.

kpsajin · ‎04-25-2018

have configured multiple alerts currently and wanted to find if it is possible in a single alert.

Splunk Alert for specific time period

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Data Persistence in the OpenTelemetry Collector

Thanks for the Memories! Splunk University, .conf25, and our Community

Are you a member of the Splunk Community?

Splunk Alert for specific time period

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Data Persistence in the OpenTelemetry Collector

Thanks for the Memories! Splunk University, .conf25, and our Community