Solved: How to print a splunk variable?

satyajit7 · ‎04-06-2021

How to print a splunk default variable in search query? Actually I have two variables like $job.earliestTime$ and $job.latestTime$. And I want this two to use in alert so that it will give me the date range in the pdf. Can somebody please suggest.

satyajit7 · ‎04-06-2021

@gcusello Thanks for your reply and I got solution as well. I have looked to that doc and got some ideas. Now I'm able to print the date range in Tabular format.

My code looks like this and it's working perfectly

....|addinfo| eval startDate= strftime(info_min_time,"%Y-%m-%d")| eval endDate= strftime(info_max_time,"%Y-%m-%d")|table startDate endDate.

Thanks again.

View solution in original post

satyajit7 · ‎04-06-2021

And I'm trying to use like this

.....|eval startDate = $job.earliestTime$ | eval endDate = $job.latestTime$ | table startDate endDate

gcusello · ‎04-06-2021

Hi @satyajit7,

see the addinfo command (https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Addinfo)

you need info_min_time and info_max_time.

ciao.

Giuseppe

satyajit7 · ‎04-06-2021

@gcusello Thanks for your reply and I got solution as well. I have looked to that doc and got some ideas. Now I'm able to print the date range in Tabular format.

My code looks like this and it's working perfectly

....|addinfo| eval startDate= strftime(info_min_time,"%Y-%m-%d")| eval endDate= strftime(info_max_time,"%Y-%m-%d")|table startDate endDate.

Thanks again.

gcusello · ‎04-06-2021

Hi @satyajit7,

good for your and see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

How to print a splunk variable?

eval

table

timechart

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel