Solved: How to add search timeframe to a report results?

kearaspoor · ‎09-12-2013

I have a search that is correctly generating a report that contains just a table, no charts, and no event timestamps.

I need to be able to add the search timeframe parameter somewhere in the results. Either as part of the report name, or as a comment/legend/footnote.

So, if the search spans the previous month, I need something like:

ReportName - mm/dd/yy to mm/dd/yy.

Any suggestions?

HiroshiSatoh · ‎09-12-2013

I can be set in this period if the search time range picker.
However, it is added to all the results.

(your search)|addinfo | eval ReportName =strftime(info_min_time,"%y/%m/%d")."To".strftime(info_max_time,"%y/%m/%d")

If you want to add only one line
(your search)|append [| stats count |addinfo | eval ReportName =strftime(info_min_time,"%y/%m/%d")."To".strftime(info_max_time,"%y/%m/%d") ]

View solution in original post

HiroshiSatoh · ‎09-12-2013

I can be set in this period if the search time range picker.
However, it is added to all the results.

(your search)|addinfo | eval ReportName =strftime(info_min_time,"%y/%m/%d")."To".strftime(info_max_time,"%y/%m/%d")

If you want to add only one line
(your search)|append [| stats count |addinfo | eval ReportName =strftime(info_min_time,"%y/%m/%d")."To".strftime(info_max_time,"%y/%m/%d") ]

kearaspoor · ‎06-16-2014

Thank you! That worked wonderfully!

How to add search timeframe to a report results?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!