Solved: Re: How to edit my scheduled alert to trigger only...

raghu0463 · ‎05-24-2017

I was trying to schedule an alert which should trigger only once.
i'm giving the cron schedule as */35 2 * * * (which means it should trigger an alert at 2:35 am when the condition is met. )
but the alert is trigger twice i.e at 2:01 and 2:35.

somesoni2 · ‎05-24-2017

You want to run only once per day (based on what you have)? If yes then use like this 35 2 * * *
Use this site to test cron https://crontab.guru/

View solution in original post

somesoni2 · ‎05-24-2017

You want to run only once per day (based on what you have)? If yes then use like this 35 2 * * *
Use this site to test cron https://crontab.guru/

raghu0463 · ‎05-28-2017

I have one more doubt, I have scheduled one of my saved search at 4:30 EST, but it triggered an alert at 8:42 EST.

somesoni2 · ‎05-28-2017

Run this search and see what is the dispatch time and scheduled time for your alert search

index=_internal sourcetype=scheduler savedsearch_name="Your ALert Search Name here"  status=success 
| table _time *_time | convert ctime(*_time)

raghu0463 · ‎05-28-2017

Thank you, the crontab.guru is very helpful .

How to edit my scheduled alert to trigger only once?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases