Hi Woodcock,

I am having same issue of adding yesterday's date in my email message. You mentioned to add above eval in SPL. Could you please elaborate how to add it.

I tried to add it by editing sendemail.py but it is not working. Do I need to import any packages to use below code
yesterday = datetime.datetime.now() - datetime.timedelta(days = 1)
ssContent['action.email.message'] = argvals.get('message') + " "+ yesterday.strftime("%d.%m.%Y")

Please help.. Sorry for adding comment in this existing post

Open the Saved Search that is generating the email and add my answer to the bottom of the search string and click the Save button. Then to back and edit the email Alert Action associated with the Saved Search and add $result._yesterday$ to the email subject.

Thanks Woodcock, that worked as perfect as I am looking for..

OK, then be sure to come back here and click Accept on this answer to close the question and help anybody else coming behind you asking for something similar.

I don't think you need to modify sendemail.py in order for this to work. If you copy the line above exactly as it is into your SPL, which is your splunk query, it will create a hidden column that evaluates to the previous day. If you want to see the column remove the underscore from the beginning of the name, do | eval yesterday = . . . instead. I would suggest to add the line for the date as the last line of your SPL and use a scheduled report to get the email sent out.