Re: How to set alert for three different timestamp...

karthi2809 · ‎04-05-2018

Have to set alert for three different timestamp?

ex: 4am to 7am , 9am to 2 pm,5pm to 10pm

Thanks
Karthi

p_gurav · ‎04-05-2018

If your alert is running every 30mins, then :

0/30 4-7,9-14,17-22 * * *

p_gurav · ‎04-05-2018

Do you mean this:

Morning 9 AM : Cycle will be previous day 4 PM to Today 9 AM
0 9 * * * and search for -17h to now()

Afternoon 1 Pm : Cycle will be 9 AM to 12.59 PM
0 13 * * * and search for -4h to now()

Evening 4 PM : Cycle will be 1 PM to 3.59 PM
0 16 * * *  and search for -3h to now()

karthi2809 · ‎04-05-2018

i need in single alert

kmaron · ‎04-05-2018

you should be able to use a cron schedule for that

0 4-7,9-14,17-22 * * *

from crontab.guru: “At minute 0 past every hour from 4 through 7, every hour from 9 through 14, and every hour from 17 through 22.”

karthi2809 · ‎04-05-2018

what is earliest and latest time

kmaron · ‎04-05-2018

You're going to need four separate alerts for that because each one has a different trigger time and a different earliest/latest setting.

karthi2809 · ‎04-05-2018

Hi This is the time frame

Morning 9 AM , 1 PM and 4 PM.

Morning 9 AM : Cycle will be previous day 4 PM to Today 9 AM

Afternoon 1 Pm : Cycle will be 9 AM to 12.59 PM

Evening 4 PM : Cycle will be 1 PM to 3.59 PM

How to set alert for three different timestamp in Splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Join the Conversation