Splunk Cloud - cron expresion for alert

dkgs · ‎08-10-2020

Hello,

I need to schedule an alert in 2:30 AM to 4:00 AM in splunk alert.

Please suggest the cron expression .

Thanks

livehybrid · ‎08-10-2020

Hi,

You'll need two alerts for this, as both the minutes and hours are different.

You could use:

30 2 * * * for 02:30am

0 4 * * * for 04:00am

I hope this helps!

Will

dkgs · ‎08-10-2020

Thank you. But I need all the alerts between 2:30 AM to 4:00 AM. How I should be the con expression in that case

livehybrid · ‎08-11-2020

Is that on a schedule just between 2.30 and 4.00 AM?

e.g. every 5 minutes between those times?

dkgs · ‎08-11-2020

@livehybrid yes, every 5 minutes between 2.30 and 4.00 AM the alert needs to be triggered

isoutamo · ‎08-11-2020

Hi

as one alert can utilise only one cron expression you must create separate alerts (even the search is same) for those.

1) 2:30 - 2:55; 30,35,40,45,50,55 2 * * *

2) 3:00 - 3:55; */5 3 * * *

3) 4:00; 0 4 * * *

r. Ismo