Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Cron Expression for scheduled Alert

jackin
Path Finder
‎11-17-2021 08:02 PM

Hi 

Please help me to build cron expression. thanks in advance

Alert runs Every 15min from 8am to 18pm, Everyday
Alert runs Every 15min from 4am to 18pm weekdays only
Alert runs Every 15min from 8am to 18pm weekdays only
Alert runs Every 15min from 9am to 17pm weekdays only
Alert runs Every 15min from 8am to 18:45pm weekdays only
Alert runs Every 15min from 23:01 pm to 18:59pm Everyday
Alert runs Every 15min from 12am to 12:59am and 6am to 6:59am Everyday
Alert runs Every 15min from 8am to 8:59am and 13pm to 13:59pm Everyday
Alert runs Every 15min from 10am to 6:59am Everyday
Alert runs Every 15min from 7am to 23:59pm Everyday
Alert runs Every 15min from 8am to 10:59am Everyday
Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎11-17-2021 09:21 PM

You can't write some of them as a single cron schedule.

For example - if your frequency is "every 15 minutes", you can't run it from something :00 till something else :59. Your latest occurrence would be :45, not :59.

Amd, since you can only specify how each datetime part changes on it's own, you can't do "every 15 minutes from something :00 up to and including something else :00". If you specify both ranges/generators or whatever you call them for hours and for minutes they will both get expanded separately.

So

*/15 7-9

(To only focus on minutes and hours, forget the other parts of cron spec)

will generate times from 7:00 up to 9:45. There is no way to include just 10:00 without 10:15, 10:30 and 10:45.

You'd neeed a separate schedule just for 10:00.

0 Karma
Reply

jackin
Path Finder
‎11-17-2021 09:46 PM

Thankq @PickleRick 

 

Can you help in below updated sheet

Alert Every 15min from 8am to 18pm Everyday
Alert Every 15min from 4am to 18pm weekdays only
Alert Every 15min from 8am to 18pm weekdays only
Alert Every 15min from 9am to 17pm weekdays only
Alert Every 15min from 8am to 18:45pm weekdays only
Alert Every 15min from 23:00 pm to 19pm
Alert Every 15min from 12am to 1am 
Alert Every 15min from 6am to 7am
Alert Every 15min from 8am to 9am
Alert Every 15min from 13pm to 2pm
Alert Every 15min from 10am to 7am
Alert Every 15min from 7am to 12am
Alert Every 15min from 8am to 11am
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...