Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Alert from 6 am?

karthi2809
Builder
‎11-10-2017 02:39 AM

I have a scenario that the alert need to be triggered at 6 AM , But i will get the logs from 3 AM ? How to set earliest and latest time stamp for the scenario?
In other words it should run every 3hrs. Please help me on same ?

I set earliest :@d+3h and latest :@d+6h

Tags (2)
0 Karma
Reply

harsmarvania57
Ultra Champion
‎11-10-2017 04:09 AM

Hi,

If I am understanding correctlty your schedule search will run at every 3 hours & at 00 minutes and fetch last 3 hours data, in that case earliest time will be -3h@h and latest time will be either now or @h

I hope this helps.

Thanks,
Harshil

Reply

karthi2809
Builder
‎11-10-2017 05:08 AM

Thanks,

But i need to set up alert which start from next day 6 am and continuously for every three hours .before that i dont want to alert trigger.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎11-10-2017 05:48 AM

@karthi2809 Do you mean to say you want to search future data ?

0 Karma
Reply

nawneel
Communicator
‎11-10-2017 05:45 AM

@karthi2809 data come at 0300 HRS and and you want to schedule alert from 0600 at every 3 hours. is that understanding correct ? if so , schedule your alerts from 0300 using CRON and run it for last 3 hours.

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...