Solved: How to setup an alert to run during specific times...

zadenaji · ‎12-06-2017

Hello,

I have a setup an alert that checks the response time of a specific server constantly. My time range is -1m to now and I have scheduled this to run every minute. The alert occurs if the number of events is greater than 3.

The only issue I am having is that it is running 24/7 and I just want it to run during business hours 8am-6pm... is there someway to set it up like this?

Thank you for all your help/support

somesoni2 · ‎12-06-2017

Try with cron schedule as * 8-17 * * *

“At every minute past every hour from 8 through 17, till 17:59)

View solution in original post

somesoni2 · ‎12-06-2017

Try with cron schedule as * 8-17 * * *

“At every minute past every hour from 8 through 17, till 17:59)

zadenaji · ‎12-06-2017

I'll try this! So just to clarify, this should allow it to run real time every minute from 8-17?

Thanks

somesoni2 · ‎12-06-2017

By realtime every minutes do you mean a realtime search or historical search with new instance of the search executing every minute? You should be running a historical search (regular search with earliest and latest) not the real-time searches as they are expensive and never end.

I would also suggest to allow some buffer in your timerange to account for indexing delay. So instead of @m to -1m to now, use say -2m@m to -1m@m allowing 1 min for data to be indexed and become searchable.

zadenaji · ‎12-06-2017

Yes, historical data with new instance of the search executing every minute. This is great info, I will also modify my timerange. Thanks again!

How to setup an alert to run during specific times?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?