Hello Splunk friends,
I'm trying to send a report from Splunk that contains an attached report.
The email subject needs to be last months date, i.e. "My Report Name _ Mar_22", and the same for the email attachment filename.
I currently have this working using hidden field eval values like so, but I've noticed that if my table returns no results, I'll also get no value for last months date.
My Search looks like so:
Index = myIndex Process = myProcess earliest=-1mon@mon latest=now | eval _date_one_month_ago = relative_time (now(), "-1mon@mon") | eval _reporting_date = strftime (_date_one_month_ago, "%b_%Y") | stats count by orgName
Any help would be really appreciated in populating the email subject and attachment name with last months date, without depending on my table to have data.
Thank you
Try something like this
| appendpipe
[ stats count as _count
| where _count == 0
| eval _date_one_month_ago = relative_time (now(), "-1mon@mon")
| eval _reporting_date = strftime (_date_one_month_ago, "%b_%Y")]
Try something like this
| appendpipe
[ stats count as _count
| where _count == 0
| eval _date_one_month_ago = relative_time (now(), "-1mon@mon")
| eval _reporting_date = strftime (_date_one_month_ago, "%b_%Y")]
Thank you, that's worked!!
How to align with the Alert EMail attachment date?
Please raise a new question detailing your specific requirement (rather than hijacking another question which has already been answered).