Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Creating a metadata report gives wrong date

EldadDor
Engager
‎04-01-2014 02:11 AM

I've found in the forum a nice way to query the metadata tables to check if our servers are writing logs,

the search term I'm using:

| metadata type=hosts index=distrib | eval mytime=strftime (recentTime, "%y-%m-%d %H:%M:%S") | eval currentTime=strftime(now(), "%y-%m-%d %H:%M:%S") | eval minutesAgo=round(((now()-recentTime)/60),0) | table sourcetype,host,lastTime,source,recentTime,mytime,currentTime,minutesAgo | where (abs(minutesAgo) > 1)

which works great, but when I'm using it as a report, the generated report gives
the current time as 70-01-01 02:00:00.
The TimeRange configured is

start time: rt-1m

finish time: rt

(I've tried some other time variations, but always got the same result)

(btw we're using Splunk 6)

Can you provide any help on the subject?

Tags (3)
0 Karma
Reply

EldadDor
Engager
‎04-02-2014 02:24 AM

Did the trick 🙂

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎04-01-2014 03:11 AM

Use time() instead of now(). The latter gives you the time the search was launched, and can be trouble in certain constellations. Using time() will also self-update the timestamp over the potentially long-running realtime search.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...