Reporting

How to include Current Date to Email Subject and Body for Scheduled PDF Delivery?

mlevsh
Builder

We have a dashboard with Scheduled PDF delivery. We are trying to add current Date (for example 1/23/2020 15:53) to Email subject and Email body of email that being sent when PDF delivery triggered.

Something like this:
Email Subject:
Splunk Dashboard: 'Test Dashboard' : 01/23/2020 15:53

Email Body:
A dashboard was generated for 'Test Dashboard' at "01/23/2020 15:53"

Thank you in advance

Tags (1)
0 Karma

emeelan_splunk
Splunk Employee
Splunk Employee

After using @efavreau 's answer, it looks like you're getting the UNIX timestamp, rather than the format you want. Take a look at this: https://answers.splunk.com/answers/601344/date-formatted-fine-in-dashboard-but-incorrectly-i.html

@mlevsh - I'll follow up via email regarding the feedback you left in the docs.

I just found this site: https://www.epochconverter.com/ when I copy your timestamp into it I get 1/24/2020 7:18:58 PM. So, yeah. UNIX.

Best,
Eve

mlevsh
Builder

@emeelan, not clear to me what you mean that I'm getting the unix timestamp? Please show me the timestamp that you use to convert at https://www.epochconverter.com/
I didn't provide any epoch format of time we are getting. The one timestamp I've provided here is this one "1969-12-31T19:00:02.000-05:00" and it is not in epoch format.

0 Karma

emeelan_splunk
Splunk Employee
Splunk Employee

I was wrong. I didn't notice the error message 😞 emailed you back. Hopefully we'll address the inability to add time tokens in emails for jobs and search results in our new Content Export re-factor.

mlevsh
Builder

@emeelan ,
Unix epoch time is the number of seconds that have elapsed since the Unix epoch, that is the time 00:00:00 UTC on 1 January 1970, minus leap seconds.
So it doesn't look like human readable combination of year, date, time , but looks like a big number.

We are using Splunk Cloud 7.0.13.
We know that date is added to the pdf file name being emailed and we add current date to PDF dashboard itself, but management wanted to add date to Email subject:-)
If you look at this documentation article "Use tokens in email notifications" ( https://docs.splunk.com/Documentation/Splunk/7.0.13/Alert/EmailNotificationTokens )
you will find a table there "Tokens available for email notification" that maps token category with alert action , scheduled reports and Scheduled PDF delivery.
The table states that "Search results" and "Job information" email token categories can not be used for Scheduled PDF delivery as they are not supported.
So we cannot pass $result.fieldname$ (part of Search results category) or $job.earliestTime$/ $job.latestTime$ (part of Job information category)
to Email subject ! Splunk documentation states that.

The only categories that can be passed to Email subject for Scheduled Dashboard PDF delivery are Search Metadata category ( $app$ , etc), Server tokens ( $server.serverName$,etc) and Dashboard metadata tokens ($dashboard.title$,etc).
Not clear why people are trying to advice to use $job.earliestTime$/ $job.latestTime$ for Scheduled PDF delivery if it is not possible via use of tokens according to Splunk documentation.

Look at the similar discussion at https://answers.splunk.com/answers/506310/how-to-include-earliest-and-latest-times-in-schedu.html

cmerriman gave an accepted answer at Feb 27, 2017 at 06:30 AM:
"For dashboards, I don't think you can access the earliest and latest time tokens for emails.
http://docs.splunk.com/Documentation/Splunk/6.5.2/Viz/DashboardPDFs#Tokens_available_for_email_notif...
When I have a PDF generated, the date of generation is in the attachement name and then I also have the date range as an HTML panel inside the PDF at the top. That was my workaround." and
DalJeanis suggested to request an enhancement:
DalJeanis ♦ · Feb 27, 2017 at 07:15 AM More...
Seems like an good enhancement to request.

It was 3 years ago and I thought maybe somebody found a way to add date/time to Email subject since then and posted a new question

0 Karma

efavreau
Motivator

In the docs, there's a list of variables that can be used for cases like yours:
https://docs.splunk.com/Documentation/Splunk/Latest/Alert/EmailNotificationTokens

In your dashboard, you would click "Export", Then "Schedule the PDF", and in the form fields for Subject and Message you would use the following:
Subject: Splunk Dashboard: '$dashboard.label$' $job.latestTime$
Message: A dashboard was generated for $dashboard.label$ $job.latestTime$

$dashboard.label$ gives you the dashboard title (also called a label).
$job.latestTime$ gives you Latest time recorded for the search job.

The result gives you the title and the current date/time, although formatted a little differently.

Splunk Dashboard: 'Test Dashboard' 2020-01-23T17:28:46.000-05:00
A dashboard was generated for Test Dashboard 2020-01-23T17:28:46.000-05:00

You can play around with the variables, but I picked the last time recorded for the search job, as the email would occur shortly after that I presume.

###

If this reply helps you, an upvote would be appreciated.

mlevsh
Builder

Hi @efavreau , we tried to use $job.latestTime$ token and it didn't work . Email we get has the following value for $job.latestTime$:
1969-12-31T19:00:02.000-05:00

0 Karma

efavreau
Motivator

Hi @mlevsh, Then my answer worked! You received what you asked for, which is a timestamp in the Subject and Message. Please accept this answer as answering your question. However, the new issue is the timestamp is not accurate. That value of that timestamp is coming from your infrastructure, not the token. If you want to troubleshoot the value of the timestamp, please start another question on Splunk Answers, so we can keep the issues separate.

###

If this reply helps you, an upvote would be appreciated.
0 Karma

mlevsh
Builder

@efavreau ,
$job.earliestTime$ and $job.latestTime$ are both job information tokens and they do not work with Dashboards Scheduled PDF Delivery.

The above tokens give information about specific search jobs and a Dashboard is made up of multiple Reports which in turn has multiple searches.So it cannot extract specific search job information. Because of which we are getting some weird results.

The below document clearly states Job information tokens are not supported for Scheduled PDF Delivery for Dashboards:
https://docs.splunk.com/Documentation/Splunk/7.0.13/Alert/EmailNotificationTokens

Category, Context: Alert Actions, Context: Scheduled Reports, **Context: Scheduled PDF delivery**
Search metadata, Yes, Yes, Yes
**Search results**, Yes, Yes, **No**
**Job information**, Yes, Yes, **No**
Server information, Yes, Yes, Yes
Dashboard information, No, No, Yes
0 Karma

efavreau
Motivator

I don't know what you mean, or why the shifting requirements. Was your initial question not clear enough? Your question was:

We have a dashboard with Scheduled PDF
delivery. We are trying to add current
Date (for example 1/23/2020 15:53) to
Email subject and Email body of email
that being sent when PDF delivery
triggered.

Something like this: Email Subject:
Splunk Dashboard: 'Test Dashboard' :
01/23/2020 15:53

Email Body: A dashboard was generated
for 'Test Dashboard' at "01/23/2020
15:53"

Thank you in advance

Using the tokens, I can get the current date in a scheduled pdf delivery of a dashboard. You confirmed the date shows for you when using the tokens, but there's have an infrastructure issue that prevents the current date from showing. So the question asked, was the question answered. But if that's not the real question, please edit and clarify your question with all the details.

###

If this reply helps you, an upvote would be appreciated.
0 Karma

mlevsh
Builder

@efavreau , I'm not sifting anything and I didn't confirm anything.
You cannot use $job.latestTime$ token in Scheduled PDF delivery as the documentation at the link I provided states.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...