Hello, I setup a cron schedule to run on Tue, Wed, Thur, Fri at 8am. For example , on Tue I want to receive results showing me events from 9PM on Mon to 6AM on Tue. I am having a issue where on Wed I am still getting the same results that i received on Tue, whereas instead I should be receiving results from 9pm on Tue to 6am on Wed. muchtthanks
Is the report really configured with fixed start and end times? If so, that would explain why the results are the same. Time ranges should be relative like "-11h@h" and "-2h@h".
Is the report really configured with fixed start and end times? If so, that would explain why the results are the same. Time ranges should be relative like "-11h@h" and "-2h@h".
much thanks for assisting Rich. I am pretty amatuer with Splunk now. Yes, it was originally configured with fix start/end and i thought the cron setup will implement the date change, but I see cron is only for setting up when the report is supposed to run. I will setup the relative time in the **Advance->Earliest/Latest section? Let me see if I can get my head around setting up relative time before asking you the another question:) appreciate your help.
What is the time range setting for your search?
Time range
Start time
1429650000
Finish time
1429682400
Cron schedule
0 8 * * 2-5
Thanks