Splunk Enterprise Security
Highlighted

How is the cron_schedule_map lookup in the SA-Utils app of Splunk Enterprise Security used?

Explorer

There is a lookup in the SA-Utils app called "cronschedulemap.csv" and I was wondering if any one out there knows how it is leveraged in ES. Attached is what the first few rows look like.

Thanks,
JD

alt text

0 Karma
Highlighted

Re: How is the cron_schedule_map lookup in the SA-Utils app of Splunk Enterprise Security used?

Champion

This lookup exists only to provide information as to when searches run. It isn't really used for anything in the app (i.e. isn't used to drive scripts or searches).

The main reason it exists is to help people who are writing searches to find times that not filled with other searches running at the same time (so that you can space them out).

View solution in original post

Highlighted

Re: How is the cron_schedule_map lookup in the SA-Utils app of Splunk Enterprise Security used?

Explorer

Thanks, LukeMurphey. Just what I was looking for.