Solved: How to schedule alert every 3 hours?

gajananh999 · ‎07-25-2014

Dear All,

I am working on scheduling alert may i know how to schedule a alert in every 3 hours?

Thanks
Gajanna Hiroji

martin_mueller · ‎07-25-2014

Use this cron schedule:

0 */3 * * *

That will run the alert at 00:00, 03:00, ..., 21:00. Make sure you don't have a huge bunching up around a specific minute if the minute isn't important to your report, so use maybe 1 */3 * * * for some and 2 */3 * * * for others.

View solution in original post

martin_mueller · ‎07-25-2014

Use this cron schedule:

0 */3 * * *

That will run the alert at 00:00, 03:00, ..., 21:00. Make sure you don't have a huge bunching up around a specific minute if the minute isn't important to your report, so use maybe 1 */3 * * * for some and 2 */3 * * * for others.

ankireddy007 · ‎07-25-2014

Hi,

You Can use cron schedule: Link below http://docs.splunk.com/Documentation/Splunk/6.0.1/Alert/Definescheduledalerts#Schedule_the_alert

It looks like:

*/5 * * * *       : Every 5 minutes
*/30 * * * *      : Every 30 minutes
0 */12 * * *      : Every 12 hours, on the hour
*/20  * * * 1-5   : Every 20 minutes, Monday through Friday
0 9 1-7 * 1       : First Monday of each month, at 9am.

How to schedule alert every 3 hours?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases