Query about fill summary index

lanilim16 · ‎07-03-2015

I've tried to run this..

./splunk cmd python fill_summary_index.py -app search -name "summary" -et 06/14/2015:08:00:00 -lt 06/14/2015:08:59:59 -dedup true

but didn't work, what's the format of the date?

Failed to get list of scheduled times for saved search 'summary-etransfer' (app = 'search', error = '[HTTP 400] Bad Request; [{'text': "\n In handler 'savedsearch': Cannot parse time argument 'earliest_time': '06/14/2015:08:00:00'", 'type': 'ERROR', 'code': None}]'

martin_mueller · ‎07-03-2015

According to the script's usage output, epoch integers or splunk relative time notation.

-et <string>            Earliest time (required).  Either a UTC time (integer since unix epoch) 
                                        or a Splunk search relative time string [1].

-lt <string>            Latest time (required).  Either a UTC time (integer since unix epoch) 
                                        or a Splunk search relative time string [1].

Query about fill summary index

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How Edge Processor's Durable Queue Works

Announcing Modern Navigation: A New Era of Splunk User Experience

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Join the Conversation

Query about fill summary index

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How Edge Processor's Durable Queue Works

Announcing Modern Navigation: A New Era of Splunk User Experience

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights