icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Python Cron Iteration for Splunk
SHA256 checksum (python-cron-iteration-for-splunk_104.tgz) 08c9d09fd8d1c693b49b94e93049cf9a6e310e0a319e039f9ce3c16391fae5ea SHA256 checksum (python-cron-iteration-for-splunk_103.tgz) cbd83341d9deb5923ce675b44d3a27b52472a3f5219243c07a0b9d559454d0a0 SHA256 checksum (python-cron-iteration-for-splunk_102.tgz) 4a030db7a0a00d43e1823ea087bb71124d4b40723412155b976df801d00b666d SHA256 checksum (python-cron-iteration-for-splunk_101.tgz) ea3a214422112dfa76e1e247b0c5d6b217be49f4486114df22375dde10611ba7 SHA256 checksum (python-cron-iteration-for-splunk_100.tgz) 013044d19dd41a5818232afcda6a8127c70f0accda269b70c86cb2fc5614d6de
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Python Cron Iteration for Splunk

Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
The purpose of this command is to help visualize cron schedules and produce timestamps for expected runs based on the cron schedule. This was created largely to address the question, "How many searches are going to be running at timeblock X based on current search schedules?" While it may be used in other contexts, this command was built for that single purpose.

**Note**: There is a known issue whereby this app cannot be installed along side DBConnect 3.1.3. Install 3.1.4 or later.

Change Log

1.0

  • Initial Release

1.0.1

  • Confirmed compatibility with Splunk 7.2

1.0.2

  • Updated Croniter library to 0.3.27 (Previous version: 0.3.22)
  • Updated Splunk SDK to version 1.6.6 (Previous version: 1.6.2)
  • Removed explicit inclusion of six library. Splunk SDK now seems to include this.
  • Added option to specify an end epoch field instead of iteration count

1.0.3

  • Updated dateutil library
  • Confirmed compatibility with 7.3

1.0.4

  • Confirmed compatibility with 8.0 / py3

Prerequisites

This search command is packaged with the following external libraries:
+ Splunk SDK for Python version 1.6.6 (http://dev.splunk.com/python)
+ Python Croniter Library 0.3.27 (https://github.com/taichino/croniter)
+ Python dateutil Library 2.4.1 (https://github.com/dateutil/dateutil)
+ Python six Library 1.12.0 (https://pypi.org/project/six/)

Nothing further is required for this add-on to function.

Installation

Follow standard Splunk installation procedures to install this app.

Reference: https://docs.splunk.com/Documentation/AddOns/released/Overview/Singleserverinstall
Reference: https://docs.splunk.com/Documentation/AddOns/released/Overview/Distributedinstall

Description

The purpose of this command is to help visualize cron schedules and produce timestamps for expected runs based on the cron schedule. This was created largely to address the question, "How many searches are going to be running at timeblock X based on current search schedules?" While it may be used in other contexts, this command was built for that single purpose.

Usage

Command Type

  • Streaming

Command Usage

| croniter iterations=25 input=cron_schedule start_epoch=timestamp_field

Or

| croniter input=cron_schedule start_epoch=timestamp_field end_epoch=timestamp_field

Note that if both "iterations" and "end_epoch" are specified, the end_epoch will take precedence.

Sample Search

Starting now, show the next 25 expected runs for scheduled searches using a cron schedule and combine them to show which times have the highest number of searches scheduled.

| rest /servicesNS/-/-/saved/searches splunk_server=local
| where disabled=0 and is_scheduled=1
| table cron_schedule,title,disabled,is_scheduled
| croniter iterations=25 input=cron_schedule
| stats values(title) as searches,dc(title) as dc_searches by croniter_return
| convert ctime(croniter_return) timeformat="%Y-%m-%d %H:%M:%S"
| sort 0 - dc_searches

Same as the previous except start the iterations at a timestamp 2 days previous:

| rest /servicesNS/-/-/saved/searches splunk_server=local
| where disabled=0 and is_scheduled=1
| table cron_schedule,title,disabled,is_scheduled
| eval start_epoch=relative_time(now(),"-2d@d")
| croniter iterations=5 input=cron_schedule start_epoch=start_epoch
| stats values(title) as searches,dc(title) as dc_searches by croniter_return
| convert ctime(croniter_return) timeformat="%Y-%m-%d %H:%M:%S"
| sort 0 - dc_searches

Search using an end epoch instead of iteration count as the marker for stopping the generation:

| rest /servicesNS/-/-/saved/searches splunk_server=local
| where disabled=0 and is_scheduled=1
| table cron_schedule,title,disabled,is_scheduled
| eval myendepoch=relative_time(now(),"+3d@d")
| croniter end_epoch=myendepoch input=cron_schedule

Support

If support is required or you would like to contribute to this project, please reference: https://gitlab.com/johnfromthefuture/TA-croniter. This app is supported by the developer as time allows.

Release Notes

Version 1.0.4
Jan. 17, 2020

1.0.4
Confirmed compatibility with Splunk 8/py3

Version 1.0.3
Aug. 1, 2019

## 1.0.3
+ Updated dateutil library
+ Confirmed compatibility with 7.3

Version 1.0.2
Feb. 14, 2019

## 1.0.2
+ Updated Croniter library to 0.3.27 (Previous version: 0.3.22)
+ Updated Splunk SDK to version 1.6.6 (Previous version: 1.6.2)
+ Removed explicit inclusion of six library. Splunk SDK now seems to include this.
+ Added option to specify an end epoch field instead of iteration count (Thanks to user @gjanders for submitting this idea!)

Version 1.0.1
Oct. 22, 2018

Version 1.0.0
May 30, 2018

Initial release.

47
Installs
305
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.