Solved: Searching with some time slots excluded

anirbanukil · ‎01-04-2012

I have some saved searches which should not trigger during certain window.
For example, everyday from 12:00 AM to 2:00 AM none of the searches should trigger. In all other times, it should trigger as per the defined interval (10 minutes).

Please suggest how to achieve this?

BobM · ‎01-04-2012

You can add the following to the end of your searches

| where date_hour >2

or you can schedule the search to only run during the hours you are interested using cron. for example if you wanted a search to run every 5 minutes but not between 2 and 4 am.

*/5 0-1,4-23 * * *

View solution in original post

BobM · ‎01-04-2012

You can add the following to the end of your searches

| where date_hour >2

or you can schedule the search to only run during the hours you are interested using cron. for example if you wanted a search to run every 5 minutes but not between 2 and 4 am.

*/5 0-1,4-23 * * *

Searching with some time slots excluded

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation