Splunk alert to check every minute

I'm trying to make an alert in splunk that checks every minute for query results. For testing purposes I set the interval to 361s to ensure that I get plenty of results and see if the results from one check will also still be there in the subsequent 5-6 checks.

This is what I configured: (sorry for posting a German screenshot, but that is how our Splunk is installed)


I'm only getting an e-mail at the full hour. Considering my 361s interval, a successful trigger at 11h00 should also result in a successful trigger at 11h01, 11h02 etc., but there is no e-mail. And there definitely are query results every few minutes.

Isn't "0 * * * *" the correct cron expression for "every minute"? And what is "Ablauf" anyways? Is this maybe the issue? I can't find any documentation on what it is for.



Solution 1:[1]

I just noticed that the first digit for the cron expression is for minutes and not for seconds. I guess that explains it.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 EasterBunnyBugSmasher
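
The point of the answer above, as an added example that is not part of the original post: a small expander for the standard five-field cron layout (minute, hour, day of month, month, day of week) that lists when `0 * * * *` and `* * * * *` fire in a constructed two-hour window. The function names are hypothetical and this is not Splunk's scheduler code.

```python
from datetime import datetime, timedelta

# Allowed value range for each of the five cron fields, in order.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day", 1, 31),
          ("month", 1, 12), ("weekday", 0, 6)]

def expand(field, lo, hi):
    """Expand one field ('*', 'a', 'a-b', '*/n', 'a-b/n', comma lists) to a set."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad cron field {field!r}")
        values.update(range(start, end + 1, step))
    return values

def parse(expr):
    parts = expr.split()
    if len(parts) != 5:
        raise ValueError("expected 5 fields: minute hour day month weekday")
    return [expand(p, lo, hi) for p, (_, lo, hi) in zip(parts, FIELDS)]

def fire_times(expr, start, minutes):
    """Return the minute-resolution times in [start, start+minutes) at which expr fires."""
    # Simplification: day and weekday are ANDed; classic cron ORs them when both are restricted.
    minute, hour, day, month, weekday = parse(expr)
    out = []
    for i in range(minutes):
        t = start + timedelta(minutes=i)
        cron_wd = (t.weekday() + 1) % 7  # Python: Monday=0; cron: Sunday=0
        if (t.minute in minute and t.hour in hour and t.day in day
                and t.month in month and cron_wd in weekday):
            out.append(t)
    return out

if __name__ == "__main__":
    start = datetime(2024, 1, 1, 11, 0)  # constructed test window: 11:00 to 12:59
    for expr in ("0 * * * *", "* * * * *", "*/5 * * * *"):
        hits = fire_times(expr, start, 120)
        print(f"{expr!r}: {len(hits)} runs, first {[h.strftime('%H:%M') for h in hits[:3]]}")
```

In the two-hour window, `0 * * * *` fires only at 11:00 and 12:00, which matches the once-per-hour e-mails described in the question, while `* * * * *` fires every minute.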