0

I am working on a Splunk requirement, which is like the splunk script is scheduled to run every 15 mints from Mon-Fri for 30m. However they have a new requirement to run this script for 60m on Sat and Sunday alone.

What are the changes to be done in the existing script to run every 60m for sat and sundays alone. Please help.

Thanks Venkatesh

venkat
  • 1
  • 1

1 Answers1

1

I think coming up with a cron schedule for 15 mins between Monday to Friday, AND every 60 minutes Saturday and Sunday will be tricky. I suggest you make a copy of your search and set a separate schedule for that one for the weekend.

To clone a search, go to Settings > Searches, Reports and Alerts. Find the search and then click Edit > Clone.

To change the schedule of a search, go to Settings > Searches, Reports and Alerts. Find the cloned search and then click Edit > Edit Schedule. I would suggest you set this cron schedule to be 0 */1 * * 0,6 which will make it run at 0 minutes past every hour, on Saturday and Sunday

Simon Duff
  • 2,631
  • 2
  • 7
  • 15
  • Hi Simon, Thanks for your reply. My current requirement is not on the splunk cront schedule. We have a script or query written to search an index and pull the records based on the condition provided. It is like as said, 30m and 60 rest of the days and 60m for Sat and Sun alone. How I can add this condition to my existing splunk query/script. Kindly suggest. – venkat Mar 23 '20 at 04:50
  • If you share your existing query, I will be able to help – Simon Duff Mar 23 '20 at 23:28
  • Hi Simon, Quick one, Requirment is like 120(Btw 00:00 - 06:00 SST all 7 days everyday) and 30 minutes(Mon-Friday) and 60 minutes(Sat-Sunday). Can we add this condition in scheduler? Please help. – venkat Mar 31 '20 at 06:23
  • Hi Simon, Need one quick help! I have 2 scripts one is running every 30 mints and one 120mints between 00.00 to 06.00 daily. How to hold 30 mints to stop running when 120 mints script is running in splunk .Bit urgent – venkat May 13 '20 at 12:33
  • I still really need to see an example of your query to understand what you are after – Simon Duff May 14 '20 at 03:19