- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Re: How to schedule a report email with a CSV atta...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Can any one help me on how to schedule a report with an attachment (csv) and email to my boss every 4 hours with last 4 hours of search results? I used cron expression 0 */4 * * *, but it's not generating a report every 4 hours.
Example: Email a report for every 4 hours; first email has to be sent at 4am for the results of last 4 hours (1am - 4am). The second email has to be sent at 8am for the results of 5am to 8am
Please help me to do this
Thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The cron syntax works like this.
.---------------- minute (0 - 59)
| .------------- hour (0 - 23)
| | .---------- day of month (1 - 31)
| | | .------- month (1 - 12) OR jan,feb,mar,apr ...
| | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
| | | | |
* * * * *
To run your search every minute on 4 hour intervals (every minute within every 4th hour), use this cron.
* */4 * * *
To run your search once every 4 hours (on the zero minute), use this cron.
0 */4 * * *
You can also specify an enumerated list, if you need to drop off midnight (your example may mean this), like this:
0 4,8,12,16,20 * * *
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The cron syntax works like this.
.---------------- minute (0 - 59)
| .------------- hour (0 - 23)
| | .---------- day of month (1 - 31)
| | | .------- month (1 - 12) OR jan,feb,mar,apr ...
| | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
| | | | |
* * * * *
To run your search every minute on 4 hour intervals (every minute within every 4th hour), use this cron.
* */4 * * *
To run your search once every 4 hours (on the zero minute), use this cron.
0 */4 * * *
You can also specify an enumerated list, if you need to drop off midnight (your example may mean this), like this:
0 4,8,12,16,20 * * *
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please "Accept" this answer.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, 0 */4 * * * will run once every four hours, at zero minutes past 0, 4, 8, 12, 16, 20.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am bit confused can you tell me
0 */4 * * * - does this cron help to get an email every 4 hours?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your immediate response
it means email will go for every 4hours with last 4hours of results right
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The "last 4 hours" part is controlled by the time specifier which should be -4h@h.
Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...
Troubleshooting the OpenTelemetry Collector
Adoption of Infrastructure Monitoring at Splunk
