Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to display the scheduled job start time and current time in the alert email subject line?

marellasunil
Communicator
‎02-03-2015 08:34 AM

Hi,
I would like to display the job schedule time in the alert subject line.
For example, I have an alert which is running for the last 15 mins, I wanted to display the Job start time, and present time in subject line.

  1. I have tried adding $job.earliestTime$ in the alert subject line but I am getting empty field,
  2. when I tried "$trigger_time$" I am getting the result as 1422965960 instead of time, Can some one suggest? getting either ways should be fine.
0 Karma
Reply

woodcock
Esteemed Legend
‎10-13-2015 12:12 PM

You can add | addinfo to your search and use $result.whatever$ where whatever is the field from addinfo or another one that you generated (formatted) from those it adds.

0 Karma
Reply

helenashton
Path Finder
‎10-16-2015 01:55 PM

How do you do this but not display the info in the report?
I want to be able to do this for the email subject line for both a scheduled report and a scheduled dashboard.

0 Karma
Reply

woodcock
Esteemed Legend
‎10-16-2015 02:57 PM

You cannot.

0 Karma
Reply

splunkcvc
New Member
‎10-05-2015 07:21 AM

I'm running 6.2.5
To be clear the issue is happening with only dashboards converted to pdf format and emailed via pdf delivery option.

I think the issue with splunk's dashboard mode because there's multiple panels it doesn't know where to grab a timestamp value.

Unlike saved searches and reports the there's only 1 time stamp value being passed.

0 Karma
Reply

cramasta
Builder
‎02-04-2015 06:34 PM

what version are you running? Only the more recent versions of splunk allow you to include these tokens.
When changed the subject line to be
Splunk Report: $job.earliestTime$
I got the following in my email subject line
Splunk Report: 2015-02-04T22:30:00.000+00:00
I am running 6.1.5

0 Karma
Reply

marellasunil
Communicator
‎02-05-2015 12:42 AM

Hi Cramasta,
I am also using splunk 6.1.5
when I am running below details in search I am getting the date in subject line
Query :
sendemail to=XXXXX@splunk.com server=XXXXXXXXXXXXXXX subject="failures between $job.earliestTime$ and $job.latestTime$" message="This is an example message" sendresults=true inline=true format=raw sendpdf=true

But when I am running the query in app (We have created seperate app for alerting), I am getting empty results. Do I need to do any modification in the app to get the exact result? I mean I have enabled "send email" option in the alert setting.

0 Karma
Reply

David
Splunk Employee
Splunk Employee
‎02-05-2015 07:21 AM

Have you tried walking through the workflow in the save alert screen, as opposed to using sendemail? I would not expect there to be a different behavior there, but given that it should work...

0 Karma
Reply

marellasunil
Communicator
‎02-06-2015 12:11 AM

Hi David,
Yes, I have. When I use "$trigger_time$" in the subject line field, It is working (Getting results as 1422965960 instead of date) but when I am using $job.earliestTime$ i am getting empty.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...