How to provide time frame for the search and expor...

ebeid · ‎12-11-2017

I'm doing search through postman to search against https://DomainName:8089/services/search/jobs/export
I do a POST call with this payload search=search%20index%3DINDEXNAME%20QUERY
It is working fine but I have two issues:

I don't know how to provide time range for the search.
I need the results in JSON format, not XML

sbbadri · ‎12-11-2017

@ebeid

1) time frame: search=search%20index%3DINDEXNAME%20index_earliest =-2d%20index_latest =now%20QUERY
2) outputmode json: search=search%20index%3DINDEXNAME%20index_earliest =-2d%20index_latest =now%20output_mode=json%20QUERY
outputmode xml: search=search%20index%3DINDEXNAME%20index_earliest =-2d%20index_latest =now%20output_mode=xml%20QUERY

by default results will be xml

check below link,

http://docs.splunk.com/Documentation/Splunk/7.0.1/RESTREF/RESTsearch#search.2Fjobs.2Fexport

i hope this helps

How to provide time frame for the search and export format when posting to /search/jobs/export using PostMan ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation