Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

sendemail turns dates into 0NaN-NaN-NaN NaN:NaN:NaN

BenAveling
Path Finder
‎01-15-2014 07:18 PM

If I enter "*|timechart count by host", my search returns _times like this: "2014-01-14 09:00:00".

If I enter "*|timechart count by host|sendemail ...", all the _times become "0NaN-NaN-NaN NaN:NaN:NaN".

Why is this happening?

Tags (2)
0 Karma
Reply

linu1988
Champion
‎01-15-2014 07:42 PM

Hello,
you need to format the times before you send the mail.

timechart ...|eval Time=strftime(_time,"%Y/%m/%d %T")|table Time,field1,field2
0 Karma
Reply

linu1988
Champion
‎01-20-2014 09:57 PM

I have updated the answer could you check now?

0 Karma
Reply

BenAveling
Path Finder
‎01-20-2014 08:51 PM

Doesn't help. In fact, adding fieldformat _time=... on its own is enough to turn _time into 0NaN-NaN-NaN NaN:NaN:NaN, even without the sendmail. 😕

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...