<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format? in Splunk Search</title>
    <link>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145272#M40468</link>
    <description>&lt;P&gt;Those dates are present in the result as columns (or keys)&lt;/P&gt;

&lt;P&gt;&lt;CODE&gt;&lt;BR /&gt;
search_results = service.jobs.oneshot(search_query, **kwargs)&lt;BR /&gt;
reader = results.ResultsReader(search_results)&lt;BR /&gt;
columns = reader[0].keys()&lt;BR /&gt;
&lt;/CODE&gt;&lt;/P&gt;</description>
    <pubDate>Mon, 28 Sep 2020 20:11:46 GMT</pubDate>
    <dc:creator>i2sheri</dc:creator>
    <dc:date>2020-09-28T20:11:46Z</dc:date>
    <item>
      <title>Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format?</title>
      <link>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145271#M40467</link>
      <description>&lt;P&gt;I have a oneshot search to which I am passing the earliest time and latest time from the time range picker. I am trying to generate a report from the search results, for which I need the search time range as strings or Python date objects.&lt;/P&gt;

&lt;P&gt;For Ex:&lt;BR /&gt;
Time Range: previous month&lt;BR /&gt;
earliest_time: -1mon@mon&lt;BR /&gt;
latest_time:  @mon' &lt;/P&gt;

&lt;P&gt;I need the above times as Python date objects&lt;BR /&gt;
30-04-2015&lt;BR /&gt;
31-05-2015&lt;/P&gt;

&lt;P&gt;Also, my search ends with &lt;CODE&gt;| chart count bla by date&lt;/CODE&gt; =&amp;gt; the dates are columns, which I couldn't see in ResultsReader&lt;/P&gt;</description>
      <pubDate>Mon, 28 Sep 2020 20:11:43 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145271#M40467</guid>
      <dc:creator>i2sheri</dc:creator>
      <dc:date>2020-09-28T20:11:43Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format?</title>
      <link>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145272#M40468</link>
      <description>&lt;P&gt;Those dates are present in the result as columns (or keys)&lt;/P&gt;

&lt;P&gt;&lt;CODE&gt;&lt;BR /&gt;
search_results = service.jobs.oneshot(search_query, **kwargs)&lt;BR /&gt;
reader = results.ResultsReader(search_results)&lt;BR /&gt;
columns = reader[0].keys()&lt;BR /&gt;
&lt;/CODE&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 28 Sep 2020 20:11:46 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145272#M40468</guid>
      <dc:creator>i2sheri</dc:creator>
      <dc:date>2020-09-28T20:11:46Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format?</title>
      <link>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145273#M40469</link>
      <description>&lt;P&gt;This might not return all dates; it returns dates from the search results. For Ex: If the search did not return any events for 20-04-2015 then this date will not be present in reader[0].keys()&lt;/P&gt;</description>
      <pubDate>Tue, 11 Aug 2015 06:40:49 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145273#M40469</guid>
      <dc:creator>i2sheri</dc:creator>
      <dc:date>2015-08-11T06:40:49Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format?</title>
      <link>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145274#M40470</link>
      <description>&lt;P&gt;You can use this search to get the from and to dates&lt;/P&gt;

&lt;P&gt;&lt;CODE&gt;&lt;BR /&gt;
          search index=* | head 1&lt;BR /&gt;
          |eval e=relative_time(now(), "-1mon@mon")&lt;BR /&gt;
          |eval l=relative_time(now(), "@mon")&lt;BR /&gt;
          |eval ee=strftime(e, "%m/%d/%Y:%H:%M:%S")&lt;BR /&gt;
          |eval ll=strftime(l, "%m/%d/%Y:%H:%M:%S")&lt;BR /&gt;
          |table e l ee ll&lt;BR /&gt;
&lt;/CODE&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 29 Sep 2020 07:20:40 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Splunk-Search/Splunk-python-sdk-oneshot-search-How-to-get-earliest-time-and/m-p/145274#M40470</guid>
      <dc:creator>i2sheri</dc:creator>
      <dc:date>2020-09-29T07:20:40Z</dc:date>
    </item>
  </channel>
</rss>

