Splunk Dev

How to send a report with custom date for Splunk email subject and attachment name?

mokers
Engager

Hello Splunk friends,

I'm trying to send a report from Splunk that contains an attached report.

The email subject needs to be last months date, i.e. "My Report Name _ Mar_22", and the same for the email attachment filename. 

I currently have this working using hidden field eval values like so, but I've noticed that if my table returns no results, I'll also get no value for last months date.

My Search looks like so:

 

 

 

 

Index = myIndex Process = myProcess earliest=-1mon@mon latest=now | eval _date_one_month_ago = relative_time (now(), "-1mon@mon") | eval _reporting_date = strftime (_date_one_month_ago, "%b_%Y") | stats count by orgName

 

 

 

 

 

mokers_0-1650623612671.png

Any help would be really appreciated in populating the email subject and attachment name with last months date, without depending on my table to have data.

Thank you

Labels (1)
Tags (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

Try something like this

| appendpipe
  [ stats count as _count
  | where _count == 0
  | eval _date_one_month_ago = relative_time (now(), "-1mon@mon")
  | eval _reporting_date = strftime (_date_one_month_ago, "%b_%Y")]

View solution in original post

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Try something like this

| appendpipe
  [ stats count as _count
  | where _count == 0
  | eval _date_one_month_ago = relative_time (now(), "-1mon@mon")
  | eval _reporting_date = strftime (_date_one_month_ago, "%b_%Y")]
0 Karma

mokers
Engager

Thank you, that's worked!! 

0 Karma

warrenchui
New Member

How to align with the Alert EMail attachment date?

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Please raise a new question detailing your specific requirement (rather than hijacking another question which has already been answered).

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...