How to edit the frequency of scheduled search?

muizash · ‎10-17-2019

How to locate scheduled search(in alert or dashboards)
How to edit the frequency of the scheduled search because it is consuming high CPU.

Thanks

logankinman99 · ‎10-18-2019

Cron schedules can be very useful. They look confusing at first, but are really nice to use.
Select cron schedule, select the time range you want to search, and then the cron expression is how often you search.

For example,
*/3 * * * *
says you want the search to run every 3 minutes,
*/15 * * * *
says you want the search to run every 15 minutes, and so on.

ivanreis · ‎10-17-2019

1 - For alert, you have to visit the Alert form for the particular app the alert is setup for or you can go to menu Settings/Search, Report and Alerts
for further information about alerts check this doc -> https://docs.splunk.com/Documentation/SplunkCloud/7.2.7/Alert/Definescheduledalerts
for dashboard check this document -> https://docs.splunk.com/Documentation/Splunk/7.3.2/SearchTutorial/Createnewdashboard#View_and_edit_d...

2 - check this link -> https://docs.splunk.com/Documentation/Splunk/7.3.2/Report/Schedulereports

How to edit the frequency of scheduled search?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?