Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get the Trigger Time to appear in 24 hour format in alert emails?

pchadwick
Explorer
‎05-04-2016 02:08 AM

I've set up an alert to send an email and all works well. I have ticked "Trigger Time" to be included in the email. How do I get the Trigger time to appear in 24 hour format as it currently isn't?

Trigger time in the alert email always appears like this: 

"Trigger Time:  11:30:11 on May 03, 2016."

My users have complained that they want it in 24 hour format. How do I do this?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-04-2016 06:23 AM

Ok so first and foremost, HI and welcome to the forum.

2ndly please proceed with caution regarding the solution i'm about to give you as it is a "hack" It will not be supported, it will not persist after upgrades, and therefore you'll have to make the change after every upgrade, and you should make a backup of this file first, etc.

If you look at this file:
$SPLUNK_HOME/etc/apps/search/bin/sendemail.py

In my copy on line 235 i have this:

            ssContent['trigger_timeHMS'] = time.strftime("%I:%M:%S", triggerSeconds)

It's part of a bigger code block seen below:

    ssContent['trigger_date'] = None
    ssContent['trigger_timeHMS'] = None
    ssContent['trigger_time'] = argvals.get('trigger_time')
    if normalizeBoolean(ssContent['trigger_time']):
        try:
            triggerSeconds = time.localtime(float(ssContent['trigger_time']))
            ssContent['trigger_date'] = time.strftime("%B %d, %Y", triggerSeconds)
            ssContent['trigger_timeHMS'] = time.strftime("%I:%M:%S", triggerSeconds)
        except Exception, e:
            logger.error(e)

If you change the %I to %H as shown below... this will give you 24h (zero padded format... aka 01... 09, 10,11...24). You might have more requests around this... i suggest this site for reference: http://strftime.org/

            ssContent['trigger_timeHMS'] = time.strftime("%H:%M:%S", triggerSeconds)

Cheers and best of luck,
Jkat54

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...