How can I set up an alert to trigger every 30 minu...

mahbs · ‎11-29-2017

Hi,
I want an alert to be triggered every 30 minutes from 7 p.m. to 11:30 p.m. only. I tried this but it doesn't seems to be working as expected.

Is this possible to do? I had a look at the cron expression and came up with something like this, but it's not working:

*/30 30,19,23 * * *

Please help!

harsmarvania57 · ‎11-29-2017

Hi @mahbs,

Please use cron schedule as */30 19-23 * * *

EDIT: Based on @niketnilay suggestion there might be chances that all search will not run at 0th minute and 30th minute due to load on splunk server so in that case you can use 0,30 19-23 * * * credit goes to @niketnilay 🙂

I hope this helps.

Thanks,
Harshil

niketn · ‎11-29-2017

@harsmarvania57, there is a slight difference to the following but it ensures that it runs at 0th minute and 30th minute of hour between 19 to 23. Running every 30 minutes /30 implies if one execution delays (possible due to load on Splunk instance at that particular time, then subsequent runs will also be delayed).

0,30 19-23 * *

I use Cron Tester provided at http://cron.schlitt.info/index.php for testing cron expressions: http://cron.schlitt.info/index.php?cron=0%2C30+19-23+*+*+*&iterations=20&test=Test

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

harsmarvania57 · ‎11-29-2017

@niketnilay Well Spotted, thanks 🙂

mahbs · ‎11-29-2017

Thanks! But is it possible to get it from 19-23:30?

harsmarvania57 · ‎11-29-2017

Yes, this will run between 19 to 24 (19:00,19:30,20:00,20:30,21:00,21:30,22:00,22:30,23:00,23:30)

mahbs · ‎11-29-2017

Ah I see. Brilliant. Thanks!

harsmarvania57 · ‎11-29-2017

If my answer helps you then will you please accept my answer so that this question will be closed.

Thanks,
Harshil

How can I set up an alert to trigger every 30 minutes for a specified time range?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!