cron schedule: How can we cutomise the cron?

av_ · ‎09-11-2023

My splunk instance is running in GMT and I want to schedule an alert as per China time.
*/5 21-23,0-13 * * 0-5 This is the cron. The logic is to trigger the alert every 5minutes from Monday to friday 5AM till 10 PM china Time but the alert is getting triggered on Sunday as well.
How can we cutomise the cron?

efavreau · ‎09-11-2023

Hi @av_ !

Your expression looks correct to account for the 8 hour difference, assuming the cron job is executing in your timezone. 21:00 Sunday GMT would be 5:00 Monday BJT. So if that is not working as expected, then the cron job may not be running out of your GMT timezone.

If it's running out of the BJT timezone, then the cron needs to be re-written to: */5 5-22 * * 1-5

Did you test that? What was the result?

If that also isn't working, then more details are needed for people to figure out why the cron is executing in neither timezone

###

If this reply helps you, an upvote would be appreciated.

av_ · ‎09-11-2023

@efavreau You're right about 21:00 Sunday GMT would be 5:00 Monday BJT but if you see the cron, it is running from 0-13 on a Sunday which is incorrect and we need to exclude that.
How can we exclude this extra cron schedule.

efavreau · ‎09-11-2023

@av_

Thank you for the additional detail. Makes sense. I would handle that as two separate jobs.

I would say this is the solution and can be cleanly executed.

###

If this reply helps you, an upvote would be appreciated.

efavreau · ‎09-11-2023

Hi @av_ !

To double-check cron expressions, I may resort to using a tool like crontab guru. When I put the expression you provided in there, it suggests the 0-5 part of the cron expression includes Sunday.
https://crontab.guru/#*/5_21-23,0-13_*_*_0-5

So if we change that part from 0-5 to 1-5, it appears that may work for you.

Good luck! If you find this hopeful please give it a thumbs up!

###

If this reply helps you, an upvote would be appreciated.

av_ · ‎09-11-2023

Hi @efavreau, changing it from 1-5 would miss some alerts which are supposed to trigger monday morning. As I said there's a time difference. The splunk instance is in GMT while the alerts are being scheduled for China Time.

efavreau · ‎09-11-2023

Hi @av_ !

There's a tool some of us use to provide a gut-check, crontab guru (not affiliated in any way with it - just a user), which I used on the cron you provided:
https://crontab.guru/#*/5_21-23,0-13_*_*_0-5

The tool's assessment, is the cron runs on Sundays. If we breakdown the cron, the last part (0-5) sets the days of the week. So it we try changing that to 1-5, it appears it may work for you.

*/5 21-23,0-13 * * 1-5

There are other tools out there. There's nothing magical about what I used, but I like it for people who are unfamiliar with cron. Good luck!

If this helped you, please provide it a thumbs up.

###

If this reply helps you, an upvote would be appreciated.

cron schedule: How can we cutomise the cron?

troubleshooting

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms