Marco Schmitz
Reputation: 229
Splunk: schedule an alert with two different frequencies (without overlapping)
I have one Splunk alert which should run infrequent at night and more frequent at day.
00:00 - 06:00 every 30 minutes
*/30 0-6 * * *
At every 30th minute past every hour from 0 through 6.
08:00 - 22:00 every 10 minutes
*/10 8-22 * * *
At every 10th minute past every hour from 8 through 22.
Can I mix them using one cron expression?
Or do I have to clone the alert and as a trade-off everything is redudant (except the cron expression) then?
Upvotes: 0
Views: 623
Answers (1)
RichG
Reputation: 9926
Each alert/scheduled search is allowed a single cron schedule. If you need multiple schedules then the alert must be cloned.
Upvotes: 2
Related Questions
- Splunk Alert - setting severity based on duration of events
- Splunk Alert - setting different threshold during the day
- splunk and how to do alerting on the first/last business day
- Splunk Alert Creation
- Splunk: Throttling of alerts
- Splunk: Schedule alert to run every 10 minutes
- Setting up Splunk alerting
- Does Cron have a way to include all except one case
- Staggering cron alerts in Splunk?
- Running Cron Job at different frequencies throughout day