Dashboards & Visualizations

How can I pass a time token to an email in a human readable format?

gcusello
SplunkTrust
SplunkTrust

Hi at all,
This is a problem that periodically appears!

I created an alert that triggers a condition without results (results = 0)
I have to pass to the email Tokens with trigger date and trigger time.
To do this, I inserted in the email $trigger_date$ and $trigger_time$.
Obviously the problem is the time-format of $trigger_time$ that is in epoch time and I need it a human readable format.
I cannot use a search field because my error condition is = 0.

How can I solve this problem?

Bye.
Giuseppe

0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

If you're using Splunk Web to create OR edit Alert, during setting up email action, you've option to include "Trigger Time" in the email body (checkbox is available below the Email Body option), which is date and time in human readable format. If you're setting up the alert from savedsearches.conf directly, you can include following attribute to the alert search action.email.include.trigger_time = 1

View solution in original post

0 Karma

somesoni2
SplunkTrust
SplunkTrust

If you're using Splunk Web to create OR edit Alert, during setting up email action, you've option to include "Trigger Time" in the email body (checkbox is available below the Email Body option), which is date and time in human readable format. If you're setting up the alert from savedsearches.conf directly, you can include following attribute to the alert search action.email.include.trigger_time = 1

0 Karma

gcusello
SplunkTrust
SplunkTrust

Thank you somesoni2,
is the position of the Trigger time configurable or fixed in the bottom of email?
Bye.
Giuseppe

0 Karma

somesoni2
SplunkTrust
SplunkTrust

I don't think it's position is configurable. It will be after "Alert Name", Trigger Condition, Any email body that you setup. (will be above "View Results" link and inline table/events.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...