- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- How to schedule a DB search on daily basis
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to schedule a DB search on daily basis
Hi Team,
I have created one DB search using Splunk DB Connect and pulling the data from SQL table and that data has been indexed.
Now I need to schedule the db search on daily basis from Monday to Friday , timings are 6:05 pm , 8:50 PM , 9:50 PM & 10:35 PM all are in EST time zone. This job has to be scheduled 4 times a day from Monday to Friday. Please let me know how schedule the timings.
Thanks & Regards,
Amarbabu
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your Answer.
I'M using to create cron job scheduling and still i'm having little confusion on this.
Is it possible to schedule the cron job timings like : ("18:05", "20:50", "21:50", "22:35").
0,18:05,20:50,21:50,22:35 * * 1-5 (For different timings not for same time interval)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your Answer.
I'M using to create cron job scheduling and still i'm having little confusion on this.
Is it possible to schedule the cron job timings like : ("18:05", "20:50", "21:50", "22:35").
0,18:05,20:50,21:50,22:35 1-5 (For different timings not for same time interval)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't know of a way to "schedule" 4 specific minute/hour pairs to run a search, since I was thinking you would want to leverage either a cron schedule or have four alerts (one for each time if you absolutely need them to run at some time).
As far as scheduling something to run 4 times a day more generically, under Alert (or report) Settings -> Alert Type -> Scheduled -> "Run on Cron Schedule" -> Set the cron to something like 0 19,21,22,23 * * 1-5, which will run the alert at the 0th minute, of the 19th, 21st, 22nd and 23rd hours (7, 9, 10, 11 PM, which will catch your use case), any day, on any month, Monday to Friday.
Alternatively, you can have the alert run every minute (I wouldn't suggest this but maybe you can tweak it to be closer to what you want, maybe bucketing to the nearest 10-15 minutes or so), and have a where clause which basically states that "now" is the time you want this alert to run, example:
{code}
...yoursearch...
| eval now=strftime(now(), "%H:%M")
| search now IN ("18:05", "20:50", "21:50", "22:35")
{code}
sandbox code:
{code}
| makeresults count=1
| streamstats count
| eval now=strftime(now(), "%H:%M")
| search now IN ("18:05", "20:50", "21:50", "22:35")
{code}
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
