Splunk Query to update a query


I am working on a Splunk requirement in which the Splunk script is scheduled to run every 15 minutes from Mon-Fri for 30m. However, they have a new requirement to run this script for 60m on Saturday and Sunday alone.

What changes need to be made in the existing script to run every 60m on Saturdays and Sundays alone? Please help.

Thanks, Venkatesh


There is 1 best solution below


I think coming up with a cron schedule for every 15 mins between Monday and Friday, AND every 60 minutes on Saturday and Sunday, will be tricky. I suggest you make a copy of your search and set a separate schedule for that one for the weekend.

To clone a search, go to Settings > Searches, Reports and Alerts. Find the search and then click Edit > Clone.

To change the schedule of a search, go to Settings > Searches, Reports and Alerts. Find the cloned search and then click Edit > Edit Schedule. I would suggest you set this cron schedule to be 0 */1 * * 0,6, which will make it run at 0 minutes past every hour, on Saturday and Sunday.
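
The two-search setup described in the answer above, written as savedsearches.conf stanzas. This is an added example, not part of the original answer. The stanza names and search string are placeholders, and it assumes that "for 30m" and "for 60m" in the question refer to the search's lookback window.

```ini
# savedsearches.conf (constructed example)

# Original search, restricted to weekdays
[my_search_weekday]
search = <your existing search>
enableSched = 1
# Every 15 minutes, Monday through Friday
cron_schedule = */15 * * * 1-5
# Assumed 30-minute lookback window
dispatch.earliest_time = -30m
dispatch.latest_time = now

# Clone of the same search, scheduled for the weekend only
[my_search_weekend]
search = <same search as the weekday stanza>
enableSched = 1
# At minute 0 of every hour, Sunday (0) and Saturday (6)
cron_schedule = 0 */1 * * 0,6
# Lookback equals the interval, so consecutive runs leave no uncovered gap
dispatch.earliest_time = -60m
dispatch.latest_time = now
```

If the original search keeps a schedule that also fires on weekends, both copies will run on Saturday and Sunday, so limit its day-of-week field to 1-5 as shown.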