Alerting

How to set the time range for an alert for the last one year until last week, but ignore the weekend of the last week?

vrmandadi
Builder

I am creating an alert for which I need the time range for the last one year till last week, but it should ignore the weekend of the last week?

the start time is : -1y@s
finish time: -1week@week ...this is for last one yr and ignoring the last week

thanks in advance

0 Karma

woodcock
Esteemed Legend

If you mean stop at the previous Saturday, use this finish time: -0w@5w.

0 Karma

vrmandadi
Builder

so using the above finish time give me the report for 1yr till last week ignoring the last weekend right?

0 Karma

vrmandadi
Builder

I tried your answer but it is showing an error saying cannot parse time argument

0 Karma

somesoni2
SplunkTrust
SplunkTrust

It should be -1w@w5.

0 Karma

woodcock
Esteemed Legend

or possibly 0w@w5.

0 Karma

vrmandadi
Builder

I tried -1w@w5 but itstill it has the weekend and 0w@w5 is not parsing

0 Karma

woodcock
Esteemed Legend

I actually went and tested it and it should actually be -0w@w5 Answer updated.

0 Karma

vrmandadi
Builder

will try the above and let you know..thank you so much

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...