Alerting

cron notation for Bi-Weekly schedule alert in Splunk

rsathish47
Contributor

Hi All,

Cron notation for Bi-Weekly schedule alert in Splunk ?

 * * */2 * * === Is this works?

Thanks
Sathish R

Tags (2)
0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi rsathish47,

No, because the third * does not represent week.

The following cron parameters:

* * * * *

correspond to:

minute hour day month day-of-week

This is un-tested, but I think something like this could work:

00 06 1-7,15-21 * 1

This would run every second week on Monday at 06:00 am.

Hope this helps...

cheers, MuS

View solution in original post

MuS
SplunkTrust
SplunkTrust

Hi rsathish47,

No, because the third * does not represent week.

The following cron parameters:

* * * * *

correspond to:

minute hour day month day-of-week

This is un-tested, but I think something like this could work:

00 06 1-7,15-21 * 1

This would run every second week on Monday at 06:00 am.

Hope this helps...

cheers, MuS

nivedita_viswan
Path Finder

That does not make it Bi-weekly, does it?
Since we have specified 1-7, 15-21 as the days, consecutive reports may have a gap of 3 weeks.
Take the month of November 2015. The report will run on
2nd Nov, 16th November (2 weeks between 2nd Nov and 16th Nov) and then only on 7th December (3 weeks between 16th Nov and 7th Dec)

0 Karma

MuS
SplunkTrust
SplunkTrust

Well, this is a generic example and does not cover all month. You have to adjust it to your needs, if it really has to be every second week, because the interval will change over the months and this would end up in some if-then crontab which will be not easy to manage.

For example one for January 2016:

 * 06 1-7,15-21,29-31 1 0

But for February 2016 only run it like this, if it was last run in January on the 30th:

* 06 12-19 2 0

otherwise run it like this (based on January / February 2014 combination):

* 06 1-7,15-21 2 0

Good luck in keeping this clean and I'm sure if you search hard enough there are even more confusing combinations possible.

Make it easy, simple and straight forward; run it forthrightly

* 06 1,15 * *

Yes, I know this will also not provide a precise 2 weeks interval!

0 Karma

rsathish47
Contributor

Thank you Mus, I will try

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...