Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Alert report date range

Engineer_Zen
Observer
‎03-31-2021 04:49 AM

So when I use 

Report Start=$job.earliestTime$

Report End=$job.latestTime$

I am getting the below in my mail as response 

Report Start=2021-03-24T06:00:00.000-05:00

Report End=2021-03-31T06:03:00.000-05:00

 

Apart from the dates what are the other fields I am getting?

Is there anyway I can change them to proper IST

@mayurr98 

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-31-2021 07:39 AM

You're getting two fields: Report Start and Report End.  Both contain a single value which a timestamp in a standard format (year-month-dayThour:minute:second.millisecond-timeZoneOffsetFromUTC).

You can use the strftime function to display the timestamps in a different format.

| eval ReportStart=strftime($job.earliestTime$, "%Y-%m-%d %H:%M:%S%Z")
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Engineer_Zen
Observer
‎04-05-2021 02:12 AM

Thank you so much for this it worked out for me. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-05-2021 05:35 AM

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

manjunathmeti
Champion
‎03-31-2021 06:52 AM

hi @Engineer_Zen,

Check this page for all available tokens for email alert action.

https://docs.splunk.com/Documentation/Splunk/latest/Alert/EmailNotificationTokens

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...