Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enteprise Security Alert time range settings: How can I configure this time range?

SIEMStudent
Path Finder
‎03-14-2022 04:32 AM

Hi Splunkers,

I have to schedule a Saved Search in Splunk Enterprise Security that must be executed in a specific time range.
The task itself is not a problem; I followed  Configure > Content > Content Management -> Create new content -> Saved search and then, cause the search must sent a mail at every activation, I have chosen New Alert.

The problem is the required time range: this alert must detect some kind of activity performed outside job office hour, so 18:01 of current day - 08:59 of day after (this every day). 
So, for example, the search must be "active" starting from today at 18:01 until tomorrow at 08:59.

My doubt is: how can I configure this time range? 
This is the alert configuration window:

SIEMStudent_0-1647257574319.png

 

I thougth about using Crontab, but I'm not sure I can configure a time range wich has not the same day for starting and ending time.
I thougth also about the All time panel but I didn't find anithing that help me to configure this particular time range.

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-14-2022 04:57 AM 
* 0-8,18-23 * * *

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎03-14-2022 04:57 AM 
* 0-8,18-23 * * *
Reply
Solved! Jump to solution

SIEMStudent
Path Finder
‎03-16-2022 04:26 AM

It works, thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...