- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- how to execute a search everyday and every 8 hours
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how to execute a search everyday and every 8 hours
I have three teams in industrial company, the first starts work at 6am, the second at 2pm, and the third at 10pm, the working time of each team is 8 hours, I wanted to count the amount carried out each team with a dynamic way, at each start of the team the counting starts again in a single dashboard.
Please can you help me how to do this query
i'm a beginner in splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You may try crontab syntax generator like https://www.crontab-generator.org/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You may try crontab syntax generator like https://www.crontab-generator.org/.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After creating the Alert, Select Run on Cron Schedule with * 6,14,22 * *
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you for your answer SathyaNarayanan ,
I want to execute it in dashboard not as alert
i don't know how to do this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will suggest you to create 3 panel in dashboard stating , First shift Amount , second shift Amount and third shift Amount . Each panel time range you can keep as per the shift timings.
Please give your current query to give more inputs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this is my query is:
sourcetype=allf |spath|rename AUTOEXPORTFILE.ProgramName as produit |stats count as x by produit|where produit="\TELIA-SUEDE-E\TELIA-SUEDE-E.KYJOB" | eventstats sum(x) as result
I want to run this query in real time in single panel but at each start of team the counting starts again (teams are independent)
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
