Invalid earliest_time error using the java SDK

sharninder · ‎10-30-2014

I'm trying to search using a time range and the query works fine from the UI but when I use curl from the command line, I get a FATAL_ERROR invalid earliest_time error.

curl -u admin:password -k https://localhost:8089/services/search/jobs -d search="search *" -d earliest_time="10/30/2014:0:0:0" -d latest_time="10/30/2014:24:0:0"

What's wrong with the time format?

Update: I did try querying time in the format specified in the _time field and that worked but then the documentation states that the time format I used earlier should also work. Is the documentation incorrect?

sklass · ‎05-14-2015

In poking through the returned data - when it did work it looks like the format should be.

YYYY-MM-DDTHH:MM:SS

Example: 2015-05-02T07:30:00

You can also append your timezone at the end as well. Really this is way harder than it should be.

patng323 · ‎11-28-2016

The same problem happens in the splunk CLI tool.

sharninder · ‎10-31-2014

Can anyone provide an answer to this query?

Invalid earliest_time error using the java SDK

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Invalid earliest_time error using the java SDK

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!