The time range in your alert is based on your schedule.
For example, if you schedule one week, the alert runs for the last 7 days.
However, you can manage your time range directly in your search with the earliest and latest commands.
As part of the alert I have created, I am sharing the PDF. How can I share the PDF with the date range (that is, from start date to end date)?
In the image you can see that as part of the alert I am sharing the PDF, which contains 1 week of data (29-3-2021 to 5-4-2021), but my PDF which is shared today gives today's date as the PDF title. Is there any way that I can have the date range as the PDF name and not the current date as the PDF name? @mayurr98 @aasabatini
In your search you can apply the earliest and latest commands.
Example last 7 days:
index=myindex sourcetype=mysourcetype earliest=-7d AND latest=now
Example last 5 min:
index=myindex sourcetype=mysourcetype earliest=-5m AND latest=now
For other examples, please check the documentation.
So when I use
I am getting the below in my mail as response
Apart from the dates what are the other fields I am getting?
Is there any way I can change them to proper IST?
I don't understand your question. You can define any fields you want on your search alert.
Also you can define on set options on custom fields.
Karma given or solution confirmation appreciated