Splunk Search

How to use tokens in a report?

Wise_Women
Engager

Hello,

I am in need of some help from the community. Is it possible to create a token in a scheduled report and create trends? I have a file that gets uploaded every 2 weeks called audit_fisma(month/date). Every 2 weeks the file name will stay the same but the month and date will change. For example, audit_fisma0409.csv. I have 6 different fields that will need to be compared based on the current week and the previous week. Do I also have to create a report for each field and trends? Here is a sample of the query below that I am working on. This drafted query reflects the weeks of 04/09 and 03/28. My goal is to create a report that will automatically pull the file based on the new files that get uploaded every 2 weeks, so that I don't have to manually change the dates. I hope this was enough information.

 

| inputlookup audit_fisma0409.csv
| table "Security Review Completion Date"
| replace -* with NA in "Security Review Completion Date"
| eval time2=if('Security Review Completion Date'<relative_time(now(),"-1Y"),"Expired","Not_expired")
| stats count by time2
| where time2="Expired"
| append
    [| inputlookup audit_fisma0328.csv
    | table "Security Review Completion Date"
    | replace -* with NA in "Security Review Completion Date"
    | eval time2=if('Security Review Completion Date'<relative_time(now(),"-1Y"),"Expired","Not_expired")
    | stats count by time2
    | where time2="Expired"]
| transpose
| where column="count"
| eval "Security Review Completed"=round('row 1'/'row 2'-1,2)
| eval "Security Review Completed"=round('Security Review Completed' * 100, 0)
| eval _time=strftime(now(),"%m/%d/%Y")
| table "Security Review Completed" _time



isoutamo
SplunkTrust

ITWhisperer
SplunkTrust
| inputlookup 
    [| makeresults
    | eval search="audit_fisma".strftime(relative_time(now(), "@w-1w"), "%m%d").".csv"
    | table search]
0 Karma
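
Added example (not posted by anyone in this thread): the subsearch file-name technique from the answer above applied to both files of the original query, so that neither date is hard-coded and the scheduled report can run unchanged. Assumptions: the previous file is dated two weeks before the current one (the `@w-3w` offset), the completion date is stored as `%m/%d/%Y`, and `period`, `review_epoch`, `expired`, `current_expired`, `previous_expired` and `report_date` are illustrative field names; adjust the offsets and the date format to match the real uploads.

```spl
| inputlookup
    [| makeresults
    | eval search="audit_fisma".strftime(relative_time(now(), "@w-1w"), "%m%d").".csv"
    | table search]
| eval period="current"
| append
    [| inputlookup
        [| makeresults
        | eval search="audit_fisma".strftime(relative_time(now(), "@w-3w"), "%m%d").".csv"
        | table search]
    | eval period="previous"]
| eval review_epoch=strptime('Security Review Completion Date', "%m/%d/%Y")
| eval expired=if(review_epoch < relative_time(now(), "-1y"), 1, 0)
| stats sum(eval(if(period="current", expired, 0))) AS current_expired
        sum(eval(if(period="previous", expired, 0))) AS previous_expired
| eval "Security Review Completed"=if(previous_expired > 0, round((current_expired / previous_expired - 1) * 100, 0), null())
| eval report_date=strftime(now(), "%m/%d/%Y")
| table "Security Review Completed" current_expired previous_expired report_date
```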