Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cron job condition when running DBX query

k_harini
Communicator
‎06-03-2017 09:56 AM

Hi,
I have a condition where we have to run dbxquery command based on scheduling condition.. Only on Mondays between 8 am to 2 pm.. Incase if Monday is public holiday it should run on Tuesday.. How can we achieve this?

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎06-03-2017 10:28 AM

Run the Monday one with a regular cron then every year go through and figure out when the holiday things are and setup INDIVIDUAL jobs for each Tuesday, writing the queries in such a way that the Tuesday run always overwrites the previous day's run.

0 Karma
Reply

k_harini
Communicator
‎06-03-2017 06:49 PM

How to make Tuesday run overwrite? Here we have used saved search with dbxquery and summary indexed the data.. I can have a look up list of public holidays. With tat how can I change cron job?

0 Karma
Reply

woodcock
Esteemed Legend
‎06-03-2017 08:54 PM

Keep the same search that should end in | collectand add to it something like this:

| search ThisFieldDoesNotExist="So this will throw away all the events we just saved"
| append [ search [|makeresults | eval search = "earliest=-1d@d latest=0d@d-1" | table search] index="YourSummaryIndexHere"
|delete ]
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...