Solved: How to include time field in email message body?

Murali · ‎04-02-2023

Hi All,

I'm setting an alert and sending email notification to my inbox.

I have a field called Time and basically it calculates the duration. Example: "25 minutes ago"

Hence , when I include the field in the message , like below:

$result.Time$

I get message in my inbox in seconds.
Example:

Host abcd CPU usage reached 97% 1680502445 . Please investigate.

So if you look here , the 1680502445 is the time duration in seconds.

It suppose to pick the summarized time as per the column result.

Please help how can I get the same output like what I have gathered in the Time1 column.

Thanks

gcusello · ‎04-07-2023

Hi @Murali,

could you share your search?

probably the issue is in the Time formatiing, e.g. you could add at the end of your search:

| eval Time=tostring(Time, "duration")

Ciao.

Giuseppe

View solution in original post

gcusello · ‎04-07-2023

Hi @Murali,

could you share your search?

probably the issue is in the Time formatiing, e.g. you could add at the end of your search:

| eval Time=tostring(Time, "duration")

Ciao.

Giuseppe

gcusello · ‎07-02-2023

Hi @Murali,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

How to include time field in email message body?

alert action

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?