I have a search query, which is written using a subquery in Sumo Logic, and I want to schedule this search to send an alert to Slack. I want to schedule this search for every 10 minutes. But from Sumo, we can run this search once every 15 minutes or at a bigger window. There is an option called Custom Cron. Is it possible to schedule it for a 10-minute window using custom cron?

user9920500
2 Answers
Unfortunately no, the lowest increment of time you can run with a custom cron schedule in Sumo Logic is 15 minutes:
Custom Cron. Enter a custom CRON expression. The run frequency for a CRON expression must not be less than every 15 minutes. For details, see Cron Examples and Reference.
From https://help.sumologic.com/Dashboards-and-Alerts/Alerts/02-Schedule-a-Search
You should consider setting up a real time alert.

the-nick-wilson
- I need a subquery to be written, because my search results should be narrowed down by another query. In that case, a real time alert is not possible. Is it not? – user9920500 Jun 07 '19 at 06:58
- Yes, that’s correct. You cannot use a subquery in a real time alert. So your options would be to either not use the subquery, or to schedule it for every 15 minutes. Also, if you’re an Enterprise subscriber you could potentially do something with the search job API: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API – the-nick-wilson Jun 07 '19 at 12:11
The scheduled searches can be scheduled either as real-time or at a frequency of at least 15 minutes. A frequency in between is not supported.
Disclaimer: I am currently employed by Sumo Logic.

Grzegorz Oledzki