How to schedule a search biweekly (week over week) on monday in splunk?
I was unable to get the proper cron entry for this, can anyone help me out?
If you are asking how to run a search every other week, then check out this Q&A:
http://answers.splunk.com/answers/261163/is-there-a-way-i-can-schedule-a-saved-search-to-ru.html
P.S. @ppablo_splunk, maybe you will accept my (tested) correct answer in the referenced link?
If you are asking how to run a search every other week, then check out this Q&A:
http://answers.splunk.com/answers/261163/is-there-a-way-i-can-schedule-a-saved-search-to-ru.html
P.S. @ppablo_splunk, maybe you will accept my (tested) correct answer in the referenced link?
got it thanks !!!
This looks good, but I'm calling a lookup using |inputlookup not regular search query.
for example my search starts like below.
|inputlookup lookup1.csv .....
No problem, ... | map search="| inputlookup lookup1.csv ...
is valid syntax.