Solved: Report generating

RashmiGowda · ‎03-27-2014

Hello,

I have a log file abc.log.

I need to generate a report. Below are the details
1) Report should be generated and triggered through email on weekly-basis (on Mondays' morning by 0800 Hrs)
2) Report should contain the data logged from previous Monday 12:00 AM till Sunday 12:00am Midnight on the week

Time span is every one hour

Format of the report

Date Time Log details
27/3/2014 00:00 ABC
27/3/2014 01:00 xyz
27/3/2014 02:00 pqr
27/3/2014 03:00 lmn

Any one can ple suggest me the solution

Thanks in advance

linu1988 · ‎03-27-2014

Hello,
the search will have below time range

source=.... earliest=@d-7d latest=@d|....

and the cron schedule would be

0 8 * * 1

Thanks

View solution in original post

linu1988 · ‎03-27-2014

Hello,
the search will have below time range

source=.... earliest=@d-7d latest=@d|....

and the cron schedule would be

0 8 * * 1

Thanks

somesoni2 · ‎03-28-2014

try add following at the end of your search.

your report search so far | fields - _time | table Date, Time, *

RashmiGowda · ‎03-28-2014

Thank you.. @linu1988

1 more query i have.. Now m using the below Query to generate the report

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date

My result is in the below format :
_time, Date, Time, Host

In result m getting the default _time column also. how to eliminate this _time column from the result..??

Also i need the report format as Date, Time, Host1 but the generated report file in mail has _time, Host Date Time..

how to format this..?/

Please help me out..??

linu1988 · ‎03-28-2014

You could try a little from the below link. This will surely help you understand

http://www.dataphyx.com/cronsandbox/cronsandboxgui.php

RashmiGowda · ‎03-28-2014

Thank you.. it worked.. @linu1988

could you ple exlpain about how cron scheduling accepts the parameters..

Thanks in advance

somesoni2 · ‎03-27-2014

Start with the documentations.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Report/Schedulereports

jeremiahc4 · ‎03-27-2014

Seems like a fairly generic ask. Unless you're leaving out some requirements that involve analysis, then it'd be far cheaper to write a shell script that e-mails the log file.

However, if you do actually need to pass through Splunk (log aggregation between hosts perhaps), then your search would look something like;

index=yourIndex earliest=-1d@d latest=@d

You would then need to schedule it in Splunk web via the cron scheduler with something like;
0 8 * * *

jeremiahc4 · ‎03-27-2014

Ah, my bad, missed that it was a weekly report instead of daily. As linu1988 stated, it'd be -7d@d for the earliest time.

Report generating

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life