Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get the Trigger Time to appear in 24 hour format in alert emails?

pchadwick
Explorer
‎05-04-2016 02:08 AM

I've set up an alert to send an email and all works well. I have ticked "Trigger Time" to be included in the email. How do I get the Trigger time to appear in 24 hour format as it currently isn't?

Trigger time in the alert email always appears like this: 

"Trigger Time:  11:30:11 on May 03, 2016."

My users have complained that they want it in 24 hour format. How do I do this?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-04-2016 06:23 AM

Ok so first and foremost, HI and welcome to the forum.

2ndly please proceed with caution regarding the solution i'm about to give you as it is a "hack" It will not be supported, it will not persist after upgrades, and therefore you'll have to make the change after every upgrade, and you should make a backup of this file first, etc.

If you look at this file:
$SPLUNK_HOME/etc/apps/search/bin/sendemail.py

In my copy on line 235 i have this:

            ssContent['trigger_timeHMS'] = time.strftime("%I:%M:%S", triggerSeconds)

It's part of a bigger code block seen below:

    ssContent['trigger_date'] = None
    ssContent['trigger_timeHMS'] = None
    ssContent['trigger_time'] = argvals.get('trigger_time')
    if normalizeBoolean(ssContent['trigger_time']):
        try:
            triggerSeconds = time.localtime(float(ssContent['trigger_time']))
            ssContent['trigger_date'] = time.strftime("%B %d, %Y", triggerSeconds)
            ssContent['trigger_timeHMS'] = time.strftime("%I:%M:%S", triggerSeconds)
        except Exception, e:
            logger.error(e)

If you change the %I to %H as shown below... this will give you 24h (zero padded format... aka 01... 09, 10,11...24). You might have more requests around this... i suggest this site for reference: http://strftime.org/

            ssContent['trigger_timeHMS'] = time.strftime("%H:%M:%S", triggerSeconds)

Cheers and best of luck,
Jkat54

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...