Alerting

How to set up an alert to run during specific times?

zadenaji
Explorer

Hello,

I have set up an alert that checks the response time of a specific server constantly. My time range is -1m to now and I have scheduled this to run every minute. The alert occurs if the number of events is greater than 3.

The only issue I am having is that it is running 24/7 and I just want it to run during business hours 8am-6pm... is there some way to set it up like this?

Thank you for all your help/support

somesoni2
SplunkTrust

Try with cron schedule as * 8-17 * * *

“At every minute past every hour from 8 through 17” (till 17:59)

zadenaji
Explorer

I'll try this! So just to clarify, this should allow it to run real time every minute from 8-17?

Thanks

somesoni2
SplunkTrust

By real-time every minute, do you mean a real-time search, or a historical search with a new instance of the search executing every minute? You should be running a historical search (a regular search with earliest and latest), not real-time searches, as they are expensive and never end.

I would also suggest allowing some buffer in your time range to account for indexing delay. So instead of @m to -1m to now, use, say, -2m@m to -1m@m, allowing 1 min for data to be indexed and become searchable.

zadenaji
Explorer

Yes, historical data with a new instance of the search executing every minute. This is great info, I will also modify my time range. Thanks again!
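
The schedule and time-range advice from this thread, as an added example that is not part of the original posts: a small Python simulation comparing the `-1m` to `now` window with the snapped `-2m@m` to `-1m@m` window over the runs that `* 8-17 * * *` produces. The date, the 2-second dispatch offset, the 15-second indexing lag and the event times are constructed assumptions.

```python
from datetime import datetime, timedelta

def cron_fires(t):
    """Hour field of the thread's schedule `* 8-17 * * *`: every minute, 08:00-17:59."""
    return 8 <= t.hour <= 17

def window(run, snapped):
    """Return [earliest, latest) for a search dispatched at `run`."""
    if snapped:  # earliest=-2m@m latest=-1m@m: subtract, then snap down to the minute
        base = run.replace(second=0, microsecond=0)
        return base - timedelta(minutes=2), base - timedelta(minutes=1)
    return run - timedelta(minutes=1), run  # earliest=-1m latest=now

def events_seen(events, runs, snapped):
    """Indexes of events returned by at least one run.
    An event is only searchable once it has been indexed."""
    seen = set()
    for run in runs:
        lo, hi = window(run, snapped)
        for i, (event_time, indexed_at) in enumerate(events):
            if lo <= event_time < hi and indexed_at <= run:
                seen.add(i)
    return seen

# Constructed sample data (assumptions, not from the thread).
DAY = datetime(2024, 1, 8)
# One dispatch per minute allowed by the cron schedule, starting 2 s into the minute.
RUNS = [DAY + timedelta(minutes=m, seconds=2)
        for m in range(24 * 60) if cron_fires(DAY + timedelta(minutes=m))]
# One event every 10 s from 09:00:00 to 09:04:50, each indexed 15 s after it occurred.
EVENTS = [(t, t + timedelta(seconds=15))
          for t in (DAY.replace(hour=9) + timedelta(seconds=10 * k) for k in range(30))]

if __name__ == "__main__":
    print("scheduled runs per day:", len(RUNS))
    print("first / last run:", RUNS[0].time(), "/", RUNS[-1].time())
    for snapped, label in ((False, "-1m to now"), (True, "-2m@m to -1m@m")):
        hit = events_seen(EVENTS, RUNS, snapped)
        print(f"{label:>15}: {len(hit)} of {len(EVENTS)} events ever searched")
```

With these numbers the unsnapped window never sees events that occur in the last seconds before a run, because they are not yet indexed and the next run's window has already moved past them. If indexing lag can exceed a minute, the buffer needs to be wider than the one suggested in the thread.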
