Archive

Invalid earliest_time error using the java SDK

New Member

I'm trying to search using a time range and the query works fine from the UI but when I use curl from the command line, I get a FATAL_ERROR invalid earliest_time error.

curl -u admin:password -k https://localhost:8089/services/search/jobs -d search="search *" -d earliest_time="10/30/2014:0:0:0" -d latest_time="10/30/2014:24:0:0"

What's wrong with the time format?

Update: I did try querying time in the format specified in the _time field and that worked but then the documentation states that the time format I used earlier should also work. Is the documentation incorrect?

Tags (1)
0 Karma

Path Finder

In poking through the returned data - when it did work it looks like the format should be.

YYYY-MM-DDTHH:MM:SS

Example: 2015-05-02T07:30:00

You can also append your timezone at the end as well. Really this is way harder than it should be.

Explorer

The same problem happens in the splunk CLI tool.

0 Karma

New Member

Can anyone provide an answer to this query?

0 Karma