Solved: How is the cron_schedule_map lookup in the SA-Util...

jdeer0618 · ‎08-22-2017

There is a lookup in the SA-Utils app called "cron_schedule_map.csv" and I was wondering if any one out there knows how it is leveraged in ES. Attached is what the first few rows look like.

Thanks,
JD

LukeMurphey · ‎08-22-2017

This lookup exists only to provide information as to when searches run. It isn't really used for anything in the app (i.e. isn't used to drive scripts or searches).

The main reason it exists is to help people who are writing searches to find times that not filled with other searches running at the same time (so that you can space them out).

View solution in original post

LukeMurphey · ‎08-22-2017

This lookup exists only to provide information as to when searches run. It isn't really used for anything in the app (i.e. isn't used to drive scripts or searches).

The main reason it exists is to help people who are writing searches to find times that not filled with other searches running at the same time (so that you can space them out).

jdeer0618 · ‎08-22-2017

Thanks, LukeMurphey. Just what I was looking for.

How is the cron_schedule_map lookup in the SA-Utils app of Splunk Enterprise Security used?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk