Re: How to include a timestamp in alerts in Splunk...

beattiedb · ‎09-30-2014

I have a search that produces an Alert.
I want to have the Alert provide a timestamp for the Alert but do not see how this can be done.
I do not want to show the _timestamp on the table of data the Alert provides, just one timestamp along with the Query that is shown with the "Saved search results".
Please tell me what I need to do on the Alert to provide this timestamp.
Thanks.

linu1988 · ‎09-30-2014

Hello,
Please go through the documentation below

http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Setupalertactions

I have not tried it but, you will find the $trigger_date$ & $trigger_time$ which you can use in the email to send it to recipients.

Thanks,
L

martin_mueller · ‎09-30-2014

That's correct, using tokens for alerting was introduced in 6.1 😞

To build something similar in 6.0 requires some fiddling, it'd likely be easier to just upgrade.

beattiedb · ‎09-30-2014

I should have mentioned in my original question that we are currently on version 6.0.
I do not see how to use the "$trigger_date$ & $trigger_time$" tokens in our 6.0 version.
Any additional comments/answers would be very much appreciate.

How to include a timestamp in alerts in Splunk 6.0?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!