Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cron Expression for scheduled Alert

jackin
Path Finder
‎11-17-2021 08:02 PM

Hi 

Please help me to build cron expression. thanks in advance

Alert runs Every 15min from 8am to 18pm, Everyday
Alert runs Every 15min from 4am to 18pm weekdays only
Alert runs Every 15min from 8am to 18pm weekdays only
Alert runs Every 15min from 9am to 17pm weekdays only
Alert runs Every 15min from 8am to 18:45pm weekdays only
Alert runs Every 15min from 23:01 pm to 18:59pm Everyday
Alert runs Every 15min from 12am to 12:59am and 6am to 6:59am Everyday
Alert runs Every 15min from 8am to 8:59am and 13pm to 13:59pm Everyday
Alert runs Every 15min from 10am to 6:59am Everyday
Alert runs Every 15min from 7am to 23:59pm Everyday
Alert runs Every 15min from 8am to 10:59am Everyday
Labels (1)
Labels
Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-17-2021 09:21 PM

You can't write some of them as a single cron schedule.

For example - if your frequency is "every 15 minutes", you can't run it from something :00 till something else :59. Your latest occurrence would be :45, not :59.

Amd, since you can only specify how each datetime part changes on it's own, you can't do "every 15 minutes from something :00 up to and including something else :00". If you specify both ranges/generators or whatever you call them for hours and for minutes they will both get expanded separately.

So

*/15 7-9

(To only focus on minutes and hours, forget the other parts of cron spec)

will generate times from 7:00 up to 9:45. There is no way to include just 10:00 without 10:15, 10:30 and 10:45.

You'd neeed a separate schedule just for 10:00.

0 Karma
Reply

jackin
Path Finder
‎11-17-2021 09:46 PM

Thankq @PickleRick 

 

Can you help in below updated sheet

Alert Every 15min from 8am to 18pm Everyday
Alert Every 15min from 4am to 18pm weekdays only
Alert Every 15min from 8am to 18pm weekdays only
Alert Every 15min from 9am to 17pm weekdays only
Alert Every 15min from 8am to 18:45pm weekdays only
Alert Every 15min from 23:00 pm to 19pm
Alert Every 15min from 12am to 1am 
Alert Every 15min from 6am to 7am
Alert Every 15min from 8am to 9am
Alert Every 15min from 13pm to 2pm
Alert Every 15min from 10am to 7am
Alert Every 15min from 7am to 12am
Alert Every 15min from 8am to 11am
0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...