How to declare the timerange in a splunk report, w...

ganinurceski · ‎02-13-2020

Hello there

There is a report, which shows some useful informations about some Application. Whatever.
Now I want to declare in the the report the timerange (last week, example 03.02.2020 00;00 until 10.02.2020 00:00). Or maybe there is possibility to declare the timerange in the description of the report, like a variable or something like that.

Here is my string, maybe i can build in something:

Thanks for your help!

to4kawa · ‎02-13-2020

| addinfo
| eval timerange = "(".strftime(info_min_time, "%d/%m/%Y %T")." - ".strftime(info_max_time, "%d/%m/%Y %T").")"

try $result.timerange$
cf. addinfo

manjunathmeti · ‎02-13-2020

You can use information tokens in the subject or message.

$job.earliestTime$ 
$job.latestTime$

manjunathmeti · ‎02-13-2020

Is this report scheduled? If yes, what is the alert action?

ganinurceski · ‎02-13-2020

Send an email

richgalloway · ‎02-13-2020

Depending your definition of "last week", you could use

index=smsc tag=MPRO_PRODUCTION DATA="8000000400000000" OR "8000000400000058" earliest=-1w@w latest=@w

or

index=smsc tag=MPRO_PRODUCTION DATA="8000000400000000" OR "8000000400000058" earliest=-7d@d latest=@d

---
If this reply helps you, Karma would be appreciated.

ganinurceski · ‎02-13-2020

And where this information about the timerange appear? maybe in the filename?

ganinurceski · ‎02-13-2020

I've picked the right timerange with the picker. I just want to remark it in the report, so that we can see, when this events happend.

How to declare the timerange in a splunk report, which will be generate once a week?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...