Alert Timing Optimization Scheduler

This app Alert Timing Optimization Scheduler provides a method for evaluating how alert and saved searches scheduling affects a Splunk Enterprise System by reading the CRON settings in the savedsearch.conf file where alert setting are stored and producing a timing list of when the alerts will be run. In addition a new BALANCED savedsearch.conf file will be written LOCALLY in the app for a user to download and install in their Splunk Enterprise system if desired. A balanced savedsearches.conf file will have the alerts and saved searches all running hourly using each of the 60 minutes in the hour to host an alert or alerts in the most resource conserving manner as possible. If your Splunk Enterprise system is MISSING or SKIPPING alerts then this app is essential and will allow you to evaluate your alert schedule and optionally install a new balanced savedsearches.conf file which retains all of your alert settings. Just the timing is set to hourly for all your alerts. This will save you DAYS of using the mouse and Splunk GUI to reschedule your alerts. Give this app a try. At least list out your alert schedule to an easily readable .csv file. Install this app and run | tunealerts help for more info