Solved: How to include Start Time and End Time in the mess...

skathpal · ‎02-21-2015

Hello Experts,

Need help to setup the output action of Reports where in message body I can see the start and end time of report data. Let say I scheduled the report every 3 Hours via email(Output Action). In Email message body we want to see the time of the report . Start time 3 Pm and End time 6 Pm so that system owner knows its 3 hours data from 3pm to 6 pm.

Sample
Message Body

Report Name: Top 10 External IP Denied

Report Start Time: Which field ??
Report End Time : ???

Description: Displays the top 10 foreign addresses that were denied inbound access by external firewall.

Hope my question is clear.

vasanthmss · ‎02-23-2015

Hi Skathpal,

Try This,

Report Start = $job.earliestTime$
Report End= $job.latestTime$

For more Info Read this Link

Cheers!!!

V

View solution in original post

vasanthmss · ‎02-23-2015

Hi Skathpal,

Try This,

Report Start = $job.earliestTime$
Report End= $job.latestTime$

For more Info Read this Link

Cheers!!!

V

HiroshiSatoh · ‎02-22-2015

You can add the 「info_min_time」 and 「info_max_time」 in 「| addinfo」.

・info_min_time: the earliest time bound for the search
・info_max_time: the latest time bound for the search

How to include Start Time and End Time in the message body of a scheduled email report?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk