Re: Splunk Alert for specific time period

kpsajin · ‎04-04-2018

Hi, does anyone know how to create a realtime alert which should trigger the alert only from Thursday 6PM to Sunday 6AM and any other day between 6PM to 6 AM ?

the search query will be something similar to the below.

index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 user="Administrator"

I need to get an alert if this particular event occurs between Thursday 6PM to Sunday 6AM and any other day between 6PM to 6 AM.

Can this be done in a single alert or do we have to create multiple alerts with different cron schedules. ?

Looking forward to your suggestions.

Regards
Sajin

p_gurav · ‎04-04-2018

At what frequency alert is running?

kpsajin · ‎04-25-2018

should run in realtime. And only on weekends and non-working hours.

kmaron · ‎04-04-2018

You can only have 1 cron schedule per alert. So you will need multiple alerts.

kpsajin · ‎04-25-2018

have configured multiple alerts currently and wanted to find if it is possible in a single alert.

Splunk Alert for specific time period

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation