Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to format date in email subject for alert trigger action

nadxieli
New Member
‎08-13-2019 11:19 AM

Hi!
I use alerts with Trigger Actions --> send email, and I need to insert the date in the subject in the email.
I tried to use the token $result._time$ print in unix format.

Could you help me please for change the format, for example, "Splunk alert: 13/08/2019 11:23:65"?

Regards.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

diogofgm
SplunkTrust
SplunkTrust
‎08-13-2019 05:43 PM

As the last step of you search you can format you time to what ever you need. Just add this after your search:

Use this if you want to use the event time ( _time )
| eval email_time = strftime(_time,"%d/%m/%Y %H:%M:%S")

Or this if you want the current time ( now() ) when the search was executed
| eval email_time = strftime(now(),"%d/%m/%Y %H:%M:%S")

The different its just the source field being used to generate the timestamp and then use strftime to format it however you want.

You can then use $result.email_time$ in your alert.

------------
Hope I was able to help you. If so, some karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

diogofgm
SplunkTrust
SplunkTrust
‎08-13-2019 05:43 PM

As the last step of you search you can format you time to what ever you need. Just add this after your search:

Use this if you want to use the event time ( _time )
| eval email_time = strftime(_time,"%d/%m/%Y %H:%M:%S")

Or this if you want the current time ( now() ) when the search was executed
| eval email_time = strftime(now(),"%d/%m/%Y %H:%M:%S")

The different its just the source field being used to generate the timestamp and then use strftime to format it however you want.

You can then use $result.email_time$ in your alert.

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

nadxieli
New Member
‎08-14-2019 01:13 PM

Hi! @diogofgm in my search add the command fields with the new field 'email_time' so I can pass the token to email

Thanks you, Regards!

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...