Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Set Specific Start Time For Scheduled Search

IRHM73
Motivator
‎07-07-2017 12:18 AM

Hi, I wonder if someone could help me please.

I'm creating a scheduled search which will run every day with the following advanced time ranges:

Start date = -1d@d
Latest date = @d

The problem I have is that I want to set the scheduled search to start running on specific date then continue with the schedule.

I've been into the "Advanced edit" and changed the "next_scheduled_time" to show the date I'd like it start on i.e. 09 July, but this doesn't change the date when I look at the report in the list.

Could anyone perhaps point out where I've gone wrong please?

Many thanks and kind regards

Chris

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-07-2017 12:48 AM

Hi IRHM73,
please some additional information:
do you want to schedule your search to a specific date (e.g. 08/07/2017), or to a fixed day of the week (e.g. every friday) or e.g. every hour from a specific date?
About scheduler see https://en.wikipedia.org/wiki/Cron or http://www.quartz-scheduler.org/documentation/quartz-2.x/tutorials/crontrigger.html

  • in the first case schedule your crontab in the week of your date and set your scheduler to 0 0 * * 7 and disable scheduler before the second run
  • in the second case schedule your crontab in the week of your date and set your scheduler to 0 0 * * 7
  • if instead your want to schedule e.g. every hour from a starting date, set your scheduler to 0 * * * * in the hour before the first wanted run.

Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

IRHM73
Motivator
‎07-10-2017 12:11 AM

Hi @cusello, yes you're right, thank you for the guidance.

Kind Regards

Chris

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-07-2017 12:48 AM

Hi IRHM73,
please some additional information:
do you want to schedule your search to a specific date (e.g. 08/07/2017), or to a fixed day of the week (e.g. every friday) or e.g. every hour from a specific date?
About scheduler see https://en.wikipedia.org/wiki/Cron or http://www.quartz-scheduler.org/documentation/quartz-2.x/tutorials/crontrigger.html

  • in the first case schedule your crontab in the week of your date and set your scheduler to 0 0 * * 7 and disable scheduler before the second run
  • in the second case schedule your crontab in the week of your date and set your scheduler to 0 0 * * 7
  • if instead your want to schedule e.g. every hour from a starting date, set your scheduler to 0 * * * * in the hour before the first wanted run.

Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

IRHM73
Motivator
‎07-07-2017 12:57 AM

Hi @cusello, I'm sorry for not providing enough information.

I have a report which will update a Summary index which I've scheduled as 'one -off' job to extract data from 01/03/17 to 07/07/17.

I then want to run the job I raised my question about to extract data for the previous 24 hours, so I will want to run this on the 09 July to extract data from the previous day and to continue doing this each day.

I hope this helps

Many thanks

Chris

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-07-2017 01:21 AM

Hi IRHM73,,
I had this problem configuring BlueCoat Proxies App:

At first you can schedule your search to run once for the previous seven days five minutes after using as time period ealiest=-7d@d latest=@d:
e,g, if yout time is 9.30, schedule your report 35 9 * * * using as time period ealiest=-7d@d latest=@d.

After the end of your execution, schedule your search to run every day (e.g. at 7.00) 0 7 * * * using as time period ealiest=-d@d latest=@d.

Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

IRHM73
Motivator
‎07-07-2017 01:29 AM

Hi @cusello, thank you for coming back to me with this.

So I take it by this, there is not way to set a future date, and should be set as two separate jobs setting the second when the first has run?

Many thanks

Chris

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-07-2017 02:34 AM

Hi IRHM73,
I don't know but why you need to schedule two separate jobs?
As described you can schedule the first one shot job near-immediately (e.g. 5 minutes after your present time) so you can immediately check results and after job end schedule the daily run.

I did it and I obtained my goal!

Eventually, you could schedule also an alert to know if there were some problems in daily job execution to manually repeat the failed ones.

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...