Alerting

Alert for monthly reporting

Kwip
Contributor

How do I set the alert to run from the 26th of last month to the 25th of the current month? For example,
every month on day 1 I will run the monthly report; for the run in December, the period should be the 26th of October to the 25th of November.

Please guide on the same.

0 Karma
1 Solution

hardikJsheth
Motivator

You can set the earliest and latest time as per your requirement and run it on a specific schedule. To run the search query over the period from the 26th day to the 25th day, you can set the time as follows:

earliest: -2mon@mon+25d
latest: -mon@mon+25d

For further information, refer to http://docs.splunk.com/Documentation/Splunk/7.0.0/Search/Specifytimemodifiersinyoursearch.
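
To check which days these two modifiers cover, the following added example (not part of the original post and not Splunk's own code) re-implements the arithmetic for this one modifier form in Python. The function names and the run dates are assumptions constructed for illustration, and time zones are ignored.

```python
import re
from datetime import datetime, timedelta

# Hypothetical helper: handles only the subset of Splunk relative-time syntax
# used in the answer above, "-<N>mon@mon+<D>d" (N defaults to 1 when omitted).
_MODIFIER = re.compile(r"^-(\d*)mon@mon\+(\d+)d$")


def resolve(modifier, now):
    """Go back N months from `now`, snap to the month start, then add D days."""
    match = _MODIFIER.match(modifier)
    if match is None:
        raise ValueError(f"unsupported modifier: {modifier!r}")
    months_back = int(match.group(1) or 1)
    days_forward = int(match.group(2))
    # A zero-based month index handles the year rollover. The @mon snap
    # discards day and time of day, so only year and month matter here.
    index = now.year * 12 + (now.month - 1) - months_back
    snapped = datetime(index // 12, index % 12 + 1, 1)
    return snapped + timedelta(days=days_forward)


def report_window(now):
    """Return (earliest, latest) for a run at `now`; latest is exclusive."""
    return resolve("-2mon@mon+25d", now), resolve("-mon@mon+25d", now)


if __name__ == "__main__":
    # Constructed run times: the December run from the question, a run that
    # crosses a year boundary, and a run whose window ends in February.
    runs = (datetime(2017, 12, 1), datetime(2018, 1, 1, 6, 30), datetime(2018, 3, 1))
    for run_at in runs:
        earliest, latest = report_window(run_at)
        last_day = latest - timedelta(days=1)
        print(f"run {run_at:%Y-%m-%d %H:%M}: "
              f"{earliest:%Y-%m-%d} 00:00 <= _time < {latest:%Y-%m-%d} 00:00 "
              f"(last full day {last_day:%Y-%m-%d})")
```

Because latest is exclusive, the boundary at midnight on the 26th means the whole of the 25th is included in the report.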

Kwip
Contributor

@hardikJsheth

Awesome! This is what I was looking for! Thank you!

0 Karma

kunalmao
Communicator

To start with, alerts and reports are two different knowledge objects in Splunk. An alert will be generated only when a specific condition, like the number of results, is met. Whereas a report is the result of your query and can be viewed similar to a dashboard; it can also be scheduled as mail and the results will be mailed to you.

Assuming your question is about alerts, there are two ways in which you can set it up.

  • Run the query for the desired time range (in your case the complete month), then in the top right corner of the search bar click on Save As Alert. There you will be required to give the schedule, that is, when you want Splunk to run the query for you (in your case the 1st of every month).
  • Alternatively, you can go to Settings -> Searches, reports, and alerts, create a new alert there, and provide the same info. Here also, the time range is the range for which you want Splunk to run the query, and the schedule is when you want it to run.

Coming to reports, create the report in the same way. Once you have created the report, find it in Settings -> Searches, reports, and alerts, click on Edit, and schedule the report to run at the specific time you want it to run.

0 Karma