Re: How to include a timestamp in alerts in Splunk...

beattiedb · ‎09-30-2014

I have a search that produces an Alert.
I want to have the Alert provide a timestamp for the Alert but do not see how this can be done.
I do not want to show the _timestamp on the table of data the Alert provides, just one timestamp along with the Query that is shown with the "Saved search results".
Please tell me what I need to do on the Alert to provide this timestamp.
Thanks.

linu1988 · ‎09-30-2014

Hello,
Please go through the documentation below

http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Setupalertactions

I have not tried it but, you will find the $trigger_date$ & $trigger_time$ which you can use in the email to send it to recipients.

Thanks,
L

martin_mueller · ‎09-30-2014

That's correct, using tokens for alerting was introduced in 6.1 😞

To build something similar in 6.0 requires some fiddling, it'd likely be easier to just upgrade.

beattiedb · ‎09-30-2014

I should have mentioned in my original question that we are currently on version 6.0.
I do not see how to use the "$trigger_date$ & $trigger_time$" tokens in our 6.0 version.
Any additional comments/answers would be very much appreciate.

How to include a timestamp in alerts in Splunk 6.0?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation