In order for me to create appropriate Splunk alerts for a certain process, I need to be able to dynamically generate the searches used by the alert based on the search time used for the search. I emphasize "search time", because a lot of Splunk's functionality is based on the event time.
When searching from StartSearchDate=YYYY_MM_DD at HH:MM:SS to EndSearchDate=YYYY_MM_DD at HH:MM:SS, I need to search for the following in a log: DataFile_($StartSearchDate - 1 day).dat
The full search query will be:
DataFile_($StartSearchDate - 1 day).dat + "Some static string"
For example:
With the search time range as 01/25/2014 03:00 - 01/25/2014 05:00, the search will be
DataFile_20140124.dat + "Some static string"
I will also need to take care of edge cases such as the first day of a new year and of a new month.
Example: First day of 2014
DataFile_20131231.dat + "Some static string"
Example: First day of December 2014
DataFile_20141130.dat + "Some static string"
Is there a way to do this using Splunk alerts?
Thanks in advance!
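One way to build the file name from the search's own time range rather than from event time, added here as an example and not part of the original post: the `addinfo` command exposes the earliest time of the running search as `info_min_time`, so a generating subsearch can turn that into the `DataFile_YYYYMMDD.dat` token and hand it back to the outer search with `return`. The index name `app_logs` is an assumption; the static string is the placeholder from the question.

```spl
index=app_logs "Some static string"
    [| makeresults
     | addinfo
     | eval file_day = relative_time(info_min_time, "-1d@d")
     | eval query = "DataFile_" . strftime(file_day, "%Y%m%d") . ".dat"
     | return $query]
```

A subsearch inherits the outer search's time range, so `info_min_time` is the start of whatever range the alert is scheduled with (for example `earliest=-2h@h latest=@h`), which is the "search time" rather than the event time. `relative_time(..., "-1d@d")` snaps to the previous calendar day in the search head's time zone, which handles the year and month boundaries from the question (2014-01-01 gives `DataFile_20131231.dat`, 2014-12-01 gives `DataFile_20141130.dat`) and also avoids the off-by-one-day error that `info_min_time - 86400` produces on the day after a DST change. Two checks worth doing before saving the alert: run the subsearch on its own to confirm the generated token, and make sure the alert is not scheduled over "All time", because then `info_min_time` is 0 and the file name resolves to 1969. On Splunk versions before 6.3, which lack `makeresults`, `| stats count` is the usual single-row substitute.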