Alerting

How to add date range(start - end) to the report pdf

Engineer_Zen
Observer

I have to share pdf report as part of the alert for every week how should I add the date range that is the start date to end date (where the user gives the time range in the search of splunk eg. Last 7 days) with pdf and share

@mayurr98

Labels (2)
0 Karma

aasabatini
Communicator

hi @Engineer_Zen 

the timerange in your alert are based on you schedule

for example if you schedule one week, the alert run for the last 7 days.

However you can manage your tiemrange directly in your search with earliest and latest comand.

https://docs.splunk.com/Documentation/Splunk/8.1.3/Search/Specifytimemodifiersinyoursearch

Engineer_Zen
Observer

As part of the alert I have created I am sharing the pdf, how can I share the pdf with date range (that is from start - end date)

IMG_20210406_123330.jpg

 in the image you can see that as part of alert I am sharing the pdf which contains 1 week data (29-3-2021 to 5-4-2021)but my pdf which is shared today gives today's date as pdf title is there anyway that I can have the date range as a pdf name and not the current date as pdf name @mayurr98 @aasabatini

Tags (1)
0 Karma

Engineer_Zen
Observer

And how can I add date range inside the pdf. @aasabatini @mayurr98 

0 Karma

Engineer_Zen
Observer

Hi @aasabatini  thank you so much for your answer and how could I add the date and time in the alert report

0 Karma

aasabatini
Communicator

@Engineer_Zen 

 

in you search you can apply the earliest and latest command

Example last 7 days:

 

Index=myindex sourcetype=mysourcetype ealiest=-7d AND latest=now

example last 5 min

Index=myindex sourcetype=mysourcetype ealiest=-5m AND latest=now

for other example please check the documentation

https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchReference/SearchTimeModifiers

 

Engineer_Zen
Observer

So when I use 

Report Start=$job.earliestTime$

Report End=$job.latestTime$

I am getting the below in my mail as response 

Report Start=2021-03-24T06:00:00.000-05:00

Report End=2021-03-31T06:03:00.000-05:00

 

Apart from the dates what are the other fields I am getting?

Is there anyway I can change them to proper IST 

0 Karma

aasabatini
Communicator

Hi @Engineer_Zen 

I don't understand your question, you can define any fields you want on your search alert.

also you can define on set options on custom fields.

Karma given or solution confirmation appreciated