Solved: Report generating

RashmiGowda · ‎03-27-2014

Hello,

I have a log file abc.log.

I need to generate a report. Below are the details
1) Report should be generated and triggered through email on weekly-basis (on Mondays' morning by 0800 Hrs)
2) Report should contain the data logged from previous Monday 12:00 AM till Sunday 12:00am Midnight on the week

Time span is every one hour

Format of the report

Date Time Log details
27/3/2014 00:00 ABC
27/3/2014 01:00 xyz
27/3/2014 02:00 pqr
27/3/2014 03:00 lmn

Any one can ple suggest me the solution

Thanks in advance

linu1988 · ‎03-27-2014

Hello,
the search will have below time range

source=.... earliest=@d-7d latest=@d|....

and the cron schedule would be

0 8 * * 1

Thanks

View solution in original post

linu1988 · ‎03-27-2014

Hello,
the search will have below time range

source=.... earliest=@d-7d latest=@d|....

and the cron schedule would be

0 8 * * 1

Thanks

somesoni2 · ‎03-28-2014

try add following at the end of your search.

your report search so far | fields - _time | table Date, Time, *

RashmiGowda · ‎03-28-2014

Thank you.. @linu1988

1 more query i have.. Now m using the below Query to generate the report

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date

My result is in the below format :
_time, Date, Time, Host

In result m getting the default _time column also. how to eliminate this _time column from the result..??

Also i need the report format as Date, Time, Host1 but the generated report file in mail has _time, Host Date Time..

how to format this..?/

Please help me out..??

linu1988 · ‎03-28-2014

You could try a little from the below link. This will surely help you understand

http://www.dataphyx.com/cronsandbox/cronsandboxgui.php

RashmiGowda · ‎03-28-2014

Thank you.. it worked.. @linu1988

could you ple exlpain about how cron scheduling accepts the parameters..

Thanks in advance

somesoni2 · ‎03-27-2014

Start with the documentations.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Report/Schedulereports

jeremiahc4 · ‎03-27-2014

Seems like a fairly generic ask. Unless you're leaving out some requirements that involve analysis, then it'd be far cheaper to write a shell script that e-mails the log file.

However, if you do actually need to pass through Splunk (log aggregation between hosts perhaps), then your search would look something like;

index=yourIndex earliest=-1d@d latest=@d

You would then need to schedule it in Splunk web via the cron scheduler with something like;
0 8 * * *

jeremiahc4 · ‎03-27-2014

Ah, my bad, missed that it was a weekly report instead of daily. As linu1988 stated, it'd be -7d@d for the earliest time.

Report generating

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

Report generating

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25