Splunk Practice Exercise 9: Scheduling Reports

Introduction

This practice exercise focuses on scheduling a report to send the top 5 sales in the last week every Monday morning at 6 am.

Step 1: Access Splunk Web

  1. Open your web browser and navigate to Splunk Web:

    http://<your server ip>:8000

  2. Log in using your credentials.

Step 2: Navigate to Search & Reporting App

  1. In the Splunk Web interface, go to the Search & Reporting app.

Step 3: Construct the Search Query

  1. In the Search tab, enter the following query in the search bar:

Query:

index=tutorial sourcetype=vendor_sales earliest=-1w latest=now | top VendorID limit=5

This displays the top 5 vendors by sales, counting the events for each VendorID.

Step 4: Schedule the Report

  1. After executing the search query, click on the Save As button.

  2. Choose Report and use Top 5 Weekly Vendor Sales as the title.

  3. Click Save.

Step 5: Set Up the Schedule

  1. Go to the Reports tab.

  2. Find the saved report and click on its name to open it.

  3. Click on the Schedule button.

  4. Configure the schedule settings:

    • Set the Run on option to Cron Schedule.

    • Use the following cron schedule to run every Monday at 6 am:

      • 0 6 * * 1

      • This schedule means "At 6:00 AM every Monday."

  5. Set up other options such as the time zone and your email as recipient for the report.

  6. Save the schedule settings.
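
To check the schedule before relying on it, the following added example (not part of the original exercise or of Splunk) expands a five-field cron expression, lists the upcoming run times for 0 6 * * 1, and shows the span that earliest=-1w latest=now covers at each run. It assumes standard cron field semantics and that the relative time range is resolved against the scheduled run time; the function names are illustrative.

```python
from datetime import datetime, timedelta

# Valid range per field: minute, hour, day-of-month, month, day-of-week (0 or 7 = Sunday)
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]

def expand(field, lo, hi):
    """Expand one cron field ('*', '5', '1-5', '1,3', '*/15') into a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad cron field: {field!r}")
        values.update(range(start, end + 1, step))
    return values

def next_runs(expr, after, count=3):
    """Next `count` run times strictly after `after`, in the scheduler's local time."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 cron fields")
    minute, hour, dom, month, dow = (expand(f, lo, hi) for f, (lo, hi) in zip(fields, RANGES))
    dow = {d % 7 for d in dow}                       # treat 7 as Sunday (0)
    either = fields[2] != "*" and fields[4] != "*"   # both day fields restricted
    runs = []
    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    limit = t + timedelta(days=4 * 366)              # stop on impossible schedules
    while len(runs) < count and t < limit:
        wd = (t.weekday() + 1) % 7                   # Python Mon=0 -> cron Mon=1
        day_ok = (t.day in dom or wd in dow) if either else (t.day in dom and wd in dow)
        if day_ok and t.month in month and t.hour in hour and t.minute in minute:
            runs.append(t)
        t += timedelta(minutes=1)
    return runs

def search_window(run_time):
    """Span covered by earliest=-1w latest=now when evaluated at run_time (assumption)."""
    return run_time - timedelta(weeks=1), run_time

if __name__ == "__main__":
    # Constructed starting point: Wednesday 2024-01-03 12:00
    for run in next_runs("0 6 * * 1", datetime(2024, 1, 3, 12, 0)):
        start, end = search_window(run)
        print(f"runs {run:%a %Y-%m-%d %H:%M}  covers {start:%Y-%m-%d %H:%M} -> {end:%Y-%m-%d %H:%M}")
```

Because each run covers exactly the seven days since the previous run, consecutive weekly reports neither overlap nor leave gaps, provided the time zone chosen in the schedule settings stays the same.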

Conclusion

Congratulations! You have successfully completed the practice exercise, scheduling a report to send the top 5 sales in the last week every Monday morning at 6 am. Continue to explore and experiment with different scheduling options and report configurations to enhance your Splunk skills.