https://community.splunk.com/t5/Splunk-Search/How-to-use-tokens-in-a-report/m-p/686507#M234178 <LI-CODE lang="markup">| inputlookup [| makeresults | eval search="audit_fisma".strftime(relative_time(now(), "@w-1w"), "%m%d").".csv" | table search]</LI-CODE> Mon, 06 May 2024 06:44:35 GMT ITWhisperer 2024-05-06T06:44:35Z https://community.splunk.com/t5/Splunk-Search/How-to-use-tokens-in-a-report/m-p/686503#M234175 <P>Hello,<BR /><BR />I am in need of some help from the community. Is it possible to create a&nbsp; token in a schedule report and create a trends. I have a file that gets upload loaded every 2 weeks called audit_fimsa(month/date). Every 2 weeks the file name will stay the same but the month and date will change. For example audit_fisma0409.csv. I have 6 different fields that will need to be compared based of the current week and the previous week.&nbsp; Do I also have to create a report for each field and trends? Here is a sample of the query below that I am working on. This drafted query reflect the week of 04/09 and 03/28. My goal is to create a report that will automatically pull the file based off the new files that get uploaded every 2 weeks. So that I don't have to manually change the dates. I hope this was enough information.</P> <P>&nbsp;</P> <LI-CODE lang="markup">| inputlookup audit_fisma0409.csv | table "Security Review Completion Date" | replace -* with NA in "Security Review Completion Date" | eval time2=if('Security Review Completion Date'&lt;relative_time(now(),"-1Y"),"Expired","Not_expired") | stats count by time2 | where time2="Expired" | append [ | inputlookup audit_fisma0328.csv | table "Security Review Completion Date" | replace -* with NA in "Security Review Completion Date" | eval time2=if('Security Review Completion Date'&lt;relative_time(now(),"-1Y"),"Expired","Not_expired") | stats count by time2 | where time2="Expired"] | transpose | where column="count" | eval "Security Review Completed" =round('row 1'/'row 2'-1,2) | eval "Security Review Completed" =round('Security Review Completed' * 100, 0) | eval _time=strftime(now(),"%m/%d/%Y") | table "Security Review Completed" _time </LI-CODE> Mon, 06 May 2024 08:56:43 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-tokens-in-a-report/m-p/686503#M234175 Wise_Women 2024-05-06T08:56:43Z https://community.splunk.com/t5/Splunk-Search/How-to-use-tokens-in-a-report/m-p/686507#M234178 <LI-CODE lang="markup">| inputlookup [| makeresults | eval search="audit_fisma".strftime(relative_time(now(), "@w-1w"), "%m%d").".csv" | table search]</LI-CODE> Mon, 06 May 2024 06:44:35 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-tokens-in-a-report/m-p/686507#M234178 ITWhisperer 2024-05-06T06:44:35Z https://community.splunk.com/t5/Splunk-Search/How-to-use-tokens-in-a-report/m-p/686521#M234188 <P>Hi</P><P>one old post for same kind of situation.</P><P><A href="https://community.splunk.com/t5/Splunk-Enterprise/How-to-dynamically-lookup-filename/m-p/645855" target="_blank">https://community.splunk.com/t5/Splunk-Enterprise/How-to-dynamically-lookup-filename/m-p/645855</A></P><P>r. Ismo</P> Mon, 06 May 2024 07:42:30 GMT https://community.splunk.com/t5/Splunk-Search/How-to-use-tokens-in-a-report/m-p/686521#M234188 isoutamo 2024-05-06T07:42:30Z