Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Schedule an alert

ankithreddy777
Contributor
‎03-23-2017 01:21 PM

How to schedule an alert to search for last hour data.
Ex: I have to schedule Alert to search for 9:00am-10:00am data. My Alert is scheduled at 15th min of every hour(15 */1 * * *). At 10:15 am, My alert runs, But I need it to search for last hour data(9-10am). what should be the earliest and the latest time settings?

0 Karma
Reply

somesoni2
Revered Legend
‎03-23-2017 02:14 PM

Use earliest as -1h@h and latest as @h

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎03-23-2017 01:28 PM

Go to Save As in the upper right corner after you have a search in the search bar and select Alert

There will be 2 fields Earliest and Latest

The Earliest field should have -1h@h
The Latest field should have now

This will set a 1 hour window of the previous hour

You will also see the timeranges populate once you enter in those values

0 Karma
Reply

ankithreddy777
Contributor
‎03-23-2017 01:30 PM

If I use latest time as now, then it will search for the data from 9:00-10:15 right? I just need 1 hr data

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎03-23-2017 02:06 PM

Just use earliest=-1h@h latest=@h to search from 9-10 (assuming a 10:15/30/45 search run time.
Details here

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...