According to stackoverflow you cannot do it in a single statement. The recommendation is to use two statements:
0 */5 * * *
and
30 2,7,12,17,22 * * *
See the post:
http://stackoverflow.com/questions/13226003/how-to-execute-a-cron-expression-for-every-2-5-hours
Well, I expected you would create two scheduled searches - one with one cron schedule, and one with the other. Splunk won't really care.
Hey luke, I do want to try your method but we are allowed just one statement in cron in splunk 😞
Hello
I think you can use this schedule
150m
To run the query every 150 minutes
regards
No it doesn't take decimal value in cron schedule.
-150m may be good to search for records in last 2.5 hours but it does not satisfy cron criteria. I need the search to run every 2.5 hours and when i try this it throws an error.
Encountered the following error while trying to update: In handler 'savedsearch': Invalid cron_schedule="*/150 * * * *"