Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: How to set alert for three different timestamp...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to set alert for three different timestamp in Splunk?
karthi2809
Builder
04-05-2018
06:30 AM
Have to set alert for three different timestamp?
ex: 4am to 7am , 9am to 2 pm,5pm to 10pm
Thanks
Karthi
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
p_gurav
Champion
04-05-2018
06:37 AM
If your alert is running every 30mins, then :
0/30 4-7,9-14,17-22 * * *
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
p_gurav
Champion
04-05-2018
06:57 AM
Do you mean this:
Morning 9 AM : Cycle will be previous day 4 PM to Today 9 AM
0 9 * * * and search for -17h to now()
Afternoon 1 Pm : Cycle will be 9 AM to 12.59 PM
0 13 * * * and search for -4h to now()
Evening 4 PM : Cycle will be 1 PM to 3.59 PM
0 16 * * * and search for -3h to now()
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
04-05-2018
07:03 AM
i need in single alert
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmaron
Motivator
04-05-2018
06:35 AM
you should be able to use a cron schedule for that
0 4-7,9-14,17-22 * * *
from crontab.guru: “At minute 0 past every hour from 4 through 7, every hour from 9 through 14, and every hour from 17 through 22.”
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
04-05-2018
07:15 AM
what is earliest and latest time
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmaron
Motivator
04-05-2018
07:18 AM
You're going to need four separate alerts for that because each one has a different trigger time and a different earliest/latest setting.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
04-05-2018
06:48 AM
Hi This is the time frame
Morning 9 AM , 1 PM and 4 PM.
Morning 9 AM : Cycle will be previous day 4 PM to Today 9 AM
Afternoon 1 Pm : Cycle will be 9 AM to 12.59 PM
Evening 4 PM : Cycle will be 1 PM to 3.59 PM
Get Updates on the Splunk Community!
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
Tuesday, May 14, 2024 | 11AM PT / 2PM ET
Register to Attend
Join us for this Tech Talk and learn how to ...
.conf24 | Personalize your .conf experience with Learning Paths!
Personalize your .conf24 Experience
Learning paths allow you to level up your skill sets and dive deeper ...
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...
