Alerting

Splunk Cloud - cron expression for alert

dkgs
Communicator

Hello,

I need to schedule an alert from 2:30 AM to 4:00 AM in Splunk.

Please suggest the cron expression.

Thanks

0 Karma

livehybrid
Contributor

Hi,

You'll need two alerts for this, as both the minutes and hours are different.

You could use:

30 2 * * * for 02:30am

0 4 * * * for 04:00am

I hope this helps!

Will

0 Karma

dkgs
Communicator

hi @livehybrid 

Thank you. But I need all the alerts between 2:30 AM and 4:00 AM. What should the cron expression be in that case?

0 Karma

livehybrid
Contributor

Is that on a schedule just between 2.30 and 4.00 AM?

e.g. every 5 minutes between those times?

0 Karma

dkgs
Communicator

@livehybrid  yes, every 5 minutes between 2.30 and 4.00 AM the alert needs to be triggered

0 Karma

soutamo
SplunkTrust

Hi

As one alert can utilise only one cron expression, you must create separate alerts (even if the search is the same) for those.

1) 2:30 - 2:55; 30,35,40,45,50,55 2 * * *

2) 3:00 - 3:55; */5 3 * * *

3) 4:00; 0 4 * * *

r. Ismo

0 Karma
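To confirm that the three schedules in the answer above cover every five-minute slot from 02:30 to 04:00 with no gaps or overlaps, here is an added example (not part of the original thread and not Splunk code). It is a minimal cron expander with hypothetical function names, and it assumes the day, month and weekday fields are all `*`.

```python
def expand_field(field, lo, hi):
    """Expand one cron field (lists, ranges, '*', and '/step') into a set of ints."""
    values = set()
    for part in field.split(","):
        base, _, step = part.partition("/")
        step = int(step) if step else 1
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = (int(x) for x in base.split("-"))
        else:
            start = int(base)
            end = hi if "/" in part else start
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad cron field: {field!r}")
        values.update(range(start, end + 1, step))
    return values


def fire_times(expr):
    """Return the (hour, minute) pairs at which a daily cron expression fires."""
    minute, hour, dom, month, dow = expr.split()
    if (dom, month, dow) != ("*", "*", "*"):
        raise ValueError("this sketch only handles '* * *' day fields")
    return {(h, m) for h in expand_field(hour, 0, 23) for m in expand_field(minute, 0, 59)}


def check_coverage(schedules, wanted):
    """Compare the combined schedules with the wanted run times."""
    runs = [t for expr in schedules for t in fire_times(expr)]
    covered = set(runs)
    return {
        "missing": sorted(wanted - covered),
        "extra": sorted(covered - wanted),
        "duplicates": sorted({t for t in runs if runs.count(t) > 1}),
    }


# The three schedules from the answer above.
SCHEDULES = ["30,35,40,45,50,55 2 * * *", "*/5 3 * * *", "0 4 * * *"]
# Wanted: every 5 minutes from 02:30 to 04:00 inclusive (19 runs).
WANTED = {divmod(t, 60) for t in range(2 * 60 + 30, 4 * 60 + 1, 5)}

if __name__ == "__main__":
    print(check_coverage(SCHEDULES, WANTED))
    # A single "*/5 2-4" expression also fires at 02:00-02:25 and 04:05-04:55.
    print(check_coverage(["*/5 2-4 * * *"], WANTED)["extra"])
```
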