Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to include a timestamp in alerts in Splunk 6.0?

beattiedb
New Member
‎09-30-2014 08:34 AM

I have a search that produces an Alert.
I want to have the Alert provide a timestamp for the Alert but do not see how this can be done.
I do not want to show the _timestamp on the table of data the Alert provides, just one timestamp along with the Query that is shown with the "Saved search results".
Please tell me what I need to do on the Alert to provide this timestamp.
Thanks.

Tags (3)
0 Karma
Reply

linu1988
Champion
‎09-30-2014 08:49 AM

Hello,
Please go through the documentation below

http://docs.splunk.com/Documentation/Splunk/6.1.3/Alert/Setupalertactions

I have not tried it but, you will find the $trigger_date$ & $trigger_time$ which you can use in the email to send it to recipients.

Thanks,
L

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎09-30-2014 10:38 AM

That's correct, using tokens for alerting was introduced in 6.1 😞

To build something similar in 6.0 requires some fiddling, it'd likely be easier to just upgrade.

0 Karma
Reply

beattiedb
New Member
‎09-30-2014 09:46 AM

I should have mentioned in my original question that we are currently on version 6.0.
I do not see how to use the "$trigger_date$ & $trigger_time$" tokens in our 6.0 version.
Any additional comments/answers would be very much appreciate.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...