I scheduled a search Alert with cron expression="48 11 * * 1-5",Although in search it is working fine but it is not working as an alert.Is there any problem with my search query or Alert configuration?Please suggest
this Cron expression does not look right
how often did you want this to run
for every 15min use
0 0/15 * 1/1 * ? *
It looks like your Cron schedule is off
Splunk has some really great documentation on how to format your Cron schedule:
http://docs.splunk.com/Documentation/Splunk/6.5.2/Alert/Definescheduledalerts#Using_cron_expressions
this Cron expression does not look right
how often did you want this to run
for every 15min use
0 0/15 * 1/1 * ? *