Reporting

Run a search and generate a report every morning at 7:30AM for the previous day (from 00:00:00 to 23:59:59)

Engager

I am struggling to figure out the search I need to generate a report from the previous day. I want to capture all assigned IP addresses on our network from 00:00:00am until 23:59:00pm every day and email it to our IT department in the morning @ 7:30.

I have tried:
dhcp* punct=":::___...::::::--/" earliest=@d latest=@d+23h+55m
(This is okay as long as I run the search at the right time.)

I am just wondering if there is some other way.

Thanks.

Path Finder

For your earliest time try "-1d@d" and for the latest time try "@d". At 7:30AM, -1d@d is 00:00:00 of the previous day, and @d is 00:00:00 of the current day.

Here's the reference for relative time modifiers in Splunk:

http://docs.splunk.com/Documentation/Splunk/6.0.3/SearchReference/SearchTimeModifiers#How_to_specify...

"@d" means snap to the day, which will always give you 00:00:00. -1 means, obviously, 1 day in the past. @d by itself always gives you midnight of the current day.

Hope this helps!

Engager

Thanks for the input. I will give that a try. With the statement you have provided, it wouldn't matter what time I ran the search; I would just be getting the results from the previous day. The only thing to change would be the cron schedule. Is there a way to make the report come as a single PDF file instead of multiple files?

Champion

The cron schedule will be 30 7 * * * in the search

earliest=-1d@d latest=@d
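
A small model of how the time modifiers discussed in this thread resolve at different run times, added here as an example (it is not from any poster and is not Splunk's own code). It assumes left-to-right evaluation, supports only the m, h and d units, uses naive datetimes with constructed run times, and ignores DST.

```python
import re
from datetime import datetime, timedelta

# Only the units used on this page are modelled: m(inutes), h(ours), d(ays).
UNITS = {"m": "minutes", "h": "hours", "d": "days"}
TOKEN = re.compile(r"([+-]\d+[mhd])|(@[mhd])")

def _snap(t, unit):
    """Round t down to the start of the given unit."""
    if unit == "d":
        return t.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "h":
        return t.replace(minute=0, second=0, microsecond=0)
    return t.replace(second=0, microsecond=0)

def resolve(modifier, now):
    """Apply offsets and snaps left to right, starting from the run time."""
    pos, t = 0, now
    for m in TOKEN.finditer(modifier):
        if m.start() != pos:
            raise ValueError(f"unsupported modifier: {modifier!r}")
        pos = m.end()
        tok = m.group(0)
        if tok[0] == "@":
            t = _snap(t, tok[1])
        else:
            t += timedelta(**{UNITS[tok[-1]]: int(tok[:-1])})
    if pos != len(modifier) or not modifier:
        raise ValueError(f"unsupported modifier: {modifier!r}")
    return t

def window(earliest, latest, now):
    """Return the (earliest, latest) pair a search dispatched at `now` covers.
    The range is half-open: events at exactly `latest` are excluded."""
    return resolve(earliest, now), resolve(latest, now)

if __name__ == "__main__":
    # Constructed run times: the 07:30 schedule and a late manual run.
    for now in (datetime(2014, 5, 2, 7, 30), datetime(2014, 5, 2, 16, 45)):
        print(now, "answer  :", *window("-1d@d", "@d", now))
        print(now, "question:", *window("@d", "@d+23h+55m", now))
```

With -1d@d and @d the window is the whole previous day whatever the dispatch time, while @d to @d+23h+55m covers the current day, so a 07:30 run only sees events up to the moment it runs and never the last five minutes before midnight.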