Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Alert for specific time period

kpsajin
Explorer
‎04-04-2018 12:47 AM

Hi, does anyone know how to create a realtime alert which should trigger the alert only from Thursday 6PM to Sunday 6AM and any other day between 6PM to 6 AM ?

the search query will be something similar to the below.

index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 user="Administrator"

I need to get an alert if this particular event occurs between Thursday 6PM to Sunday 6AM and any other day between 6PM to 6 AM.

Can this be done in a single alert or do we have to create multiple alerts with different cron schedules. ?

Looking forward to your suggestions.

Regards
Sajin

Reply

p_gurav
Champion
‎04-04-2018 06:02 AM

At what frequency alert is running?

0 Karma
Reply

kpsajin
Explorer
‎04-25-2018 01:46 AM

should run in realtime. And only on weekends and non-working hours.

0 Karma
Reply

kmaron
Motivator
‎04-04-2018 05:51 AM

You can only have 1 cron schedule per alert. So you will need multiple alerts.

0 Karma
Reply

kpsajin
Explorer
‎04-25-2018 01:47 AM

have configured multiple alerts currently and wanted to find if it is possible in a single alert.

0 Karma
Reply
Get Updates on the Splunk Community!

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Community Content Calendar, October Edition

Welcome to the October edition of our Community Spotlight! The Splunk Community is a treasure trove of ...