Solved: Trouble Scheduling Alert With Search For Specific ...

theironcook · ‎04-05-2017

For some reason, our network goes crazy every day from 2:30 to 2:35.
I'm trying to schedule a daily alert that will perform a search from 2:30 to 2:35 and report on that data if it's bad/slow.
I've created a daily scheduled alert that "Runs every day" at 15:00.

I then tried to specify my search with an "Advanced" time range of -30min for "Earliest" and -25min for "Latest" but Splunk doesn't like this.

How can I have an alert that is run daily that will only search for the specific time range of 2:30 - 2:35?

HiroshiSatoh · ‎04-05-2017

I was able to perform an alert. What is the problem?

Cron schedule：0 15 * * *

index=* earliest=-30m@m latest =-25m@m

alt text

View solution in original post

HiroshiSatoh · ‎04-05-2017

I was able to perform an alert. What is the problem?

Cron schedule：0 15 * * *

index=* earliest=-30m@m latest =-25m@m

alt text

theironcook · ‎04-10-2017

Thank you Hiroshi,
Yes, if I use the chron syntax everything works well. The issue was when I tried to use the "Run every day of the week" option and specify a time.
But the chron syntax works perfectly. Thank you.

Trouble Scheduling Alert With Search For Specific Time Range

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting