Re: Cron job condition when running DBX query

k_harini · ‎06-03-2017

Hi,
I have a condition where we have to run dbxquery command based on scheduling condition.. Only on Mondays between 8 am to 2 pm.. Incase if Monday is public holiday it should run on Tuesday.. How can we achieve this?

woodcock · ‎06-03-2017

Run the Monday one with a regular cron then every year go through and figure out when the holiday things are and setup INDIVIDUAL jobs for each Tuesday, writing the queries in such a way that the Tuesday run always overwrites the previous day's run.

k_harini · ‎06-03-2017

How to make Tuesday run overwrite? Here we have used saved search with dbxquery and summary indexed the data.. I can have a look up list of public holidays. With tat how can I change cron job?

woodcock · ‎06-03-2017

Keep the same search that should end in | collectand add to it something like this:

| search ThisFieldDoesNotExist="So this will throw away all the events we just saved"
| append [ search [|makeresults | eval search = "earliest=-1d@d latest=0d@d-1" | table search] index="YourSummaryIndexHere"
|delete ]

Cron job condition when running DBX query

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?