Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Did the cron scheduler change between versions?

jeffbat
Path Finder
‎04-02-2019 10:38 AM

We just recently upgraded from Splunk 6.6.3 to 7.2.4.1 and noticed a change to one of our alerts based on its cron schedule.

The cron schedule for the alert is set to this:

3 21 1-7,15-24 * 0

Before the upgrade, this was working to send out the alert the 1st and 3rd Sundays of the month.

After the upgrade, this is now sending out on the Sunday AND every day between the 1st-7th and we figure will also send every day from the 15th-24th.

Did the cron scheduler get changed in the version upgrade?

Also, where can I find what cron version Splunk is utilizing?

For now we change changed the cron schedule to send out on the 1st and 15th, so it will only send twice a month but would like it to just be every other Sunday.

Thanks.

Reply

the0duke0
Path Finder
‎05-06-2019 03:25 AM

We just upgraded from 7.1.x to 7.2.5.1 and we have noticed a similar behavior. Previously 20 15 1-7 * 3 would fire the first Wednesday of the month at 15:20. It is now firing every Wednesday AND the first seven days of the month at 1520. I don't see any release notes with 7.2 about cron changes, but it seems there was some change.

0 Karma
Reply

teunlaan
Contributor
‎05-06-2019 04:30 AM

They fixed some cron issues in v 7.2.3. So it could be your cron's a now behaving in an other way then before

Blockquote 2018-12-21 SPL-164242, SPL-164210 A search scheduled to run monthly or weekly may run daily. "Next Scheduled Time" is incorrect due to cron parsing issue

But it looks like they didn't fix it, or broke something else
Did you file a Bug?

0 Karma
Reply

tom_frotscher
Builder
‎05-06-2019 03:49 AM

Just as a quick tip, the website crontab guru is very useful to create and manage cron schedules.
For your example: https://crontab.guru/#3_21_1-7,15-24_*_0

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...