How to edit the frequency of scheduled search?

muizash · ‎10-17-2019

How to locate scheduled search(in alert or dashboards)
How to edit the frequency of the scheduled search because it is consuming high CPU.

Thanks

logankinman99 · ‎10-18-2019

Cron schedules can be very useful. They look confusing at first, but are really nice to use.
Select cron schedule, select the time range you want to search, and then the cron expression is how often you search.

For example,
*/3 * * * *
says you want the search to run every 3 minutes,
*/15 * * * *
says you want the search to run every 15 minutes, and so on.

ivanreis · ‎10-17-2019

1 - For alert, you have to visit the Alert form for the particular app the alert is setup for or you can go to menu Settings/Search, Report and Alerts
for further information about alerts check this doc -> https://docs.splunk.com/Documentation/SplunkCloud/7.2.7/Alert/Definescheduledalerts
for dashboard check this document -> https://docs.splunk.com/Documentation/Splunk/7.3.2/SearchTutorial/Createnewdashboard#View_and_edit_d...

2 - check this link -> https://docs.splunk.com/Documentation/Splunk/7.3.2/Report/Schedulereports

How to edit the frequency of scheduled search?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation

How to edit the frequency of scheduled search?

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events