Re: Alert report date range

Engineer_Zen · ‎03-31-2021

So when I use

Report Start=$job.earliestTime$

Report End=$job.latestTime$

I am getting the below in my mail as response

Report Start=2021-03-24T06:00:00.000-05:00

Report End=2021-03-31T06:03:00.000-05:00

Apart from the dates what are the other fields I am getting?

Is there anyway I can change them to proper IST

@mayurr98

richgalloway · ‎03-31-2021

You're getting two fields: Report Start and Report End. Both contain a single value which a timestamp in a standard format (year-month-dayThour:minute:second.millisecond-timeZoneOffsetFromUTC).

You can use the strftime function to display the timestamps in a different format.

| eval ReportStart=strftime($job.earliestTime$, "%Y-%m-%d %H:%M:%S%Z")

---
If this reply helps you, Karma would be appreciated.

Engineer_Zen · ‎04-05-2021

Thank you so much for this it worked out for me.

richgalloway · ‎04-05-2021

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

---
If this reply helps you, Karma would be appreciated.

manjunathmeti · ‎03-31-2021

hi @Engineer_Zen,

Check this page for all available tokens for email alert action.

https://docs.splunk.com/Documentation/Splunk/latest/Alert/EmailNotificationTokens

Alert report date range

alert action

alert condition

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!