Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to add date range(start - end) to the report pdf

Engineer_Zen
Observer
‎03-30-2021 05:49 AM

I have to share pdf report as part of the alert for every week how should I add the date range that is the start date to end date (where the user gives the time range in the search of splunk eg. Last 7 days) with pdf and share

@mayurr98

Labels (2)
Labels
0 Karma
Reply

aasabatini
Motivator
‎03-30-2021 08:51 AM

hi @Engineer_Zen 

the timerange in your alert are based on you schedule

for example if you schedule one week, the alert run for the last 7 days.

However you can manage your tiemrange directly in your search with earliest and latest comand.

https://docs.splunk.com/Documentation/Splunk/8.1.3/Search/Specifytimemodifiersinyoursearch

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Reply

Engineer_Zen
Observer
‎04-06-2021 12:08 AM

As part of the alert I have created I am sharing the pdf, how can I share the pdf with date range (that is from start - end date)

IMG_20210406_123330.jpg

 in the image you can see that as part of alert I am sharing the pdf which contains 1 week data (29-3-2021 to 5-4-2021)but my pdf which is shared today gives today's date as pdf title is there anyway that I can have the date range as a pdf name and not the current date as pdf name @mayurr98 @aasabatini

Tags (1)
0 Karma
Reply

Engineer_Zen
Observer
‎04-06-2021 12:18 AM

And how can I add date range inside the pdf. @aasabatini @mayurr98 

0 Karma
Reply

Engineer_Zen
Observer
‎03-31-2021 12:12 AM

Hi @aasabatini  thank you so much for your answer and how could I add the date and time in the alert report

0 Karma
Reply

aasabatini
Motivator
‎03-31-2021 02:06 AM

@Engineer_Zen 

 

in you search you can apply the earliest and latest command

Example last 7 days:

 

Index=myindex sourcetype=mysourcetype ealiest=-7d AND latest=now

example last 5 min

Index=myindex sourcetype=mysourcetype ealiest=-5m AND latest=now

for other example please check the documentation

https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchReference/SearchTimeModifiers

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Reply

Engineer_Zen
Observer
‎03-31-2021 04:45 AM

So when I use 

Report Start=$job.earliestTime$

Report End=$job.latestTime$

I am getting the below in my mail as response 

Report Start=2021-03-24T06:00:00.000-05:00

Report End=2021-03-31T06:03:00.000-05:00

 

Apart from the dates what are the other fields I am getting?

Is there anyway I can change them to proper IST 

0 Karma
Reply

aasabatini
Motivator
‎03-31-2021 04:54 AM

Hi @Engineer_Zen 

I don't understand your question, you can define any fields you want on your search alert.

also you can define on set options on custom fields.

Karma given or solution confirmation appreciated

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...