Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to setup a Splunk alert to run on 2 different days during 2 different times?

rahulbhatia
Path Finder
‎09-14-2022 08:04 AM

Hi All,

 

I have a requirement where i want to setup the alert to run every 10 min on friday between 8-10pm and every 10 min on sunday between 6-8am.

 

i tried writing the Cron for it however it didnt work 

 

Can you please help

Labels (3)
0 Karma
Reply

rahulbhatia
Path Finder
‎09-14-2022 09:53 AM

15 20-22,6-8 * * 5,0 this is Cron schedule we have used but it is running during the same time on Friday and Sunday 

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-14-2022 10:41 AM

Which is to be expected with the given cron schedule.  Running at different times on certain days requires multiple cron schedules.  Since Splunk supports a single cron schedule for an alert, you need a separate alert for each cron schedule.  Or, as suggested by @JacekF , you can add intelligence to the alert.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

JacekF
Path Finder
‎09-14-2022 08:49 AM

I don't think this can be done with a cron schedule only. You can use a cron similar to that one:

*/10 20-22,6-8 * * 5,0

This should execute the alert at every 10th minute past every hour from 20 through 22 and every hour from 6 through 8 on Friday and Sunday. In the SPL you can add a condition to check the day of week and the hour and return results depending on day/hour combination.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-14-2022 08:23 AM

It would help to know the cron schedule(s) you tried, but I think you'll need two alerts to accomplish that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...