Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to declare the timerange in a splunk report, which will be generate once a week?

ganinurceski
Engager
‎02-13-2020 05:03 AM

Hello there

There is a report, which shows some useful informations about some Application. Whatever.
Now I want to declare in the the report the timerange (last week, example 03.02.2020 00;00 until 10.02.2020 00:00). Or maybe there is possibility to declare the timerange in the description of the report, like a variable or something like that.

Here is my string, maybe i can build in something:

index=smsc tag=MPRO_PRODUCTION DATA="8000000400000000" OR "8000000400000058"
| dedup DATA
| chart count by SHORT_ID, command_status_code
| search NOT ESME_RTHROTTLED=0
| eval "THROTTLING %"=(ESME_RTHROTTLED/(ESME_RTHROTTLED + ESME_ROK)*100)
| sort - ESME_RTHROTTLED
| head 15

Thanks for your help!

0 Karma
Reply

to4kawa
Ultra Champion
‎02-13-2020 01:45 PM 
| addinfo
| eval timerange = "(".strftime(info_min_time, "%d/%m/%Y %T")." - ".strftime(info_max_time, "%d/%m/%Y %T").")"

try $result.timerange$
cf. addinfo

0 Karma
Reply

manjunathmeti
Champion
‎02-13-2020 06:46 AM

You can use information tokens in the subject or message.

$job.earliestTime$ 
$job.latestTime$
0 Karma
Reply

manjunathmeti
Champion
‎02-13-2020 06:21 AM

Is this report scheduled? If yes, what is the alert action?

0 Karma
Reply

ganinurceski
Engager
‎02-13-2020 06:22 AM

Send an email

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-13-2020 05:53 AM

Depending your definition of "last week", you could use

index=smsc tag=MPRO_PRODUCTION DATA="8000000400000000" OR "8000000400000058" earliest=-1w@w latest=@w

or

index=smsc tag=MPRO_PRODUCTION DATA="8000000400000000" OR "8000000400000058" earliest=-7d@d latest=@d
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ganinurceski
Engager
‎02-13-2020 06:04 AM

And where this information about the timerange appear? maybe in the filename?

0 Karma
Reply

ganinurceski
Engager
‎02-13-2020 06:06 AM

I've picked the right timerange with the picker. I just want to remark it in the report, so that we can see, when this events happend.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...