https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232949#M45420 <P>In the UI, we have an option to search results from the beginning of out log collecting using the 'all time' option.</P> <P>Is there a way of getting this info via the SDK?</P> <P>If so, What are the best practices for that? I'm currently using <CODE>create_search</CODE>going backwards one day and by that getting all the info, But i'm not sure this is the way to go. </P> Mon, 09 Jan 2017 13:06:45 GMT TierSeven 2017-01-09T13:06:45Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232949#M45420 <P>In the UI, we have an option to search results from the beginning of out log collecting using the 'all time' option.</P> <P>Is there a way of getting this info via the SDK?</P> <P>If so, What are the best practices for that? I'm currently using <CODE>create_search</CODE>going backwards one day and by that getting all the info, But i'm not sure this is the way to go. </P> Mon, 09 Jan 2017 13:06:45 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232949#M45420 TierSeven 2017-01-09T13:06:45Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232950#M45421 <P>Are you looking for best practices regarding the REST API input or searching all time data?</P> Mon, 09 Jan 2017 17:01:48 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232950#M45421 dlamb_splunk 2017-01-09T17:01:48Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232951#M45422 <P>regarding the REST API. I'm trying to get all logged events from the beginning.</P> Wed, 11 Jan 2017 09:07:44 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232951#M45422 TierSeven 2017-01-11T09:07:44Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232952#M45423 <P>Hi TierSeven, </P> <P>Please refer to the Splunk REST API Reference Manual to see if any of the search endpoints can meet your specific requirements: <BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTREF/RESTsearch">http://docs.splunk.com/Documentation/Splunk/6.5.1/RESTREF/RESTsearch</A></P> <P>Hope this helps. Thanks!<BR /> Hunter</P> Wed, 11 Jan 2017 12:39:42 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232952#M45423 hunters_splunk 2017-01-11T12:39:42Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232953#M45424 <P>Thanks for the answer, I'm afraid i did not explain myself all that well.<BR /> I'm using the Splunk Ruby SDK (Which uses the REST API of course).<BR /> I'm trying to figure out how to retrieve every log entry i have on my Spluk since the beginning.<BR /> Currently i'm using <CODE>create_search</CODE>but i'm not sure this is the way to go.<BR /> I'll update the question.</P> Wed, 11 Jan 2017 12:45:37 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232953#M45424 TierSeven 2017-01-11T12:45:37Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232954#M45425 <P>I downvoted this post because answer not addressed the question</P> Wed, 07 Jun 2017 19:34:28 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232954#M45425 Motoko89 2017-06-07T19:34:28Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232955#M45426 <P>I downvoted this post because does not answer the question</P> Sun, 03 Sep 2017 23:05:59 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-an-all-time-search-with-Splunk-Ruby-SDK/m-p/232955#M45426 reilly1 2017-09-03T23:05:59Z