Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to use cron schedule or Search time range to run every half a month then 2nd report that runs the left over days

Cheng2Ready
Path Finder
‎08-29-2024 12:10 PM



Example:

1st report

Date is from 1st June~16th June

2nd report

Date is from 17thJune ~ 30 June

and have it send the two reports on the end of the beginning of the next month.  July 1st.

Next month rolls in....

1st report

Date is from 1st July~16th July

2nd report

Date is from 17th July ~ 31 July

and have it send two reports on the end of the beginning of the next month.  August 1st, ect... and so on.

Cheng2Ready_0-1724956779561.png

Cheng2Ready_0-1724958693827.pngCheng2Ready_1-1724958708205.png

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎08-29-2024 12:27 PM

I'm not quite sure what you mean but you can't use cron schedule to do different things in different periods (like every half an hour from 1am till 5pm and hourly in the rest of the day).

If you want two reports generated each month just schedule two reports every month (probably run a bit after the start of the month to account for any possibly delayed data). One would be over

earliest=-1mon@mon latest=-1mon@mon+16d

and another

earliest=-1mon@mon+16d latest=@mon

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-29-2024 01:51 PM

Rather than try to run the report on the last day of the month, how about running it as soon as the month ends - the first day of the next month?

1 0 1 * *

I used minute 1 to avoid getting skipped during the overly-popular minute 0.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

Cheng2Ready
Path Finder
‎08-29-2024 02:48 PM

@richgalloway  yeah the only reason I'm splitting it into two sections is because when I did the logs for 1 month.
the exported excel sheet was missing data for some reason.
but when I split it in half in the search query the data is able to populate.
I guess the search query might have been too messy, much and adding on 1 month for it might have caused it to use to much resource or something.

Thank you

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-29-2024 01:14 PM

cron lets you schedule a report on the 16th day of a month, but not the 16th and last days.  You would need two reports for that.

Even if cron did what you seek, Splunk sends reports immediately.  There is no way to sit on the results before sending them other than to write the results to a summary index or CSV.  Then you would need two reports - one to search the first half of the month and write the summary; the second searches the rest of the month and incorporates the summary results into the final report.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

Cheng2Ready
Path Finder
‎08-29-2024 01:29 PM

@richgalloway 
Thank you for the response!
So lets say we go the path of creating two scheduled Reports
1.  a report on the 16th day of a month

How would I setup the 2nd query to search from 17~ 30  or 31 depending on the month?
would it look like this?

Cheng2Ready_0-1724963380375.png

 

0 Karma
Reply
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎08-29-2024 12:27 PM

I'm not quite sure what you mean but you can't use cron schedule to do different things in different periods (like every half an hour from 1am till 5pm and hourly in the rest of the day).

If you want two reports generated each month just schedule two reports every month (probably run a bit after the start of the month to account for any possibly delayed data). One would be over

earliest=-1mon@mon latest=-1mon@mon+16d

and another

earliest=-1mon@mon+16d latest=@mon

 

0 Karma
Reply
Solved! Jump to solution

Cheng2Ready
Path Finder
‎08-29-2024 01:30 PM

I will give this a try Thank you @PickleRick 

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...