Query about fill summary index

lanilim16 · ‎07-03-2015

I've tried to run this..

./splunk cmd python fill_summary_index.py -app search -name "summary" -et 06/14/2015:08:00:00 -lt 06/14/2015:08:59:59 -dedup true

but didn't work, what's the format of the date?

Failed to get list of scheduled times for saved search 'summary-etransfer' (app = 'search', error = '[HTTP 400] Bad Request; [{'text': "\n In handler 'savedsearch': Cannot parse time argument 'earliest_time': '06/14/2015:08:00:00'", 'type': 'ERROR', 'code': None}]'

martin_mueller · ‎07-03-2015

According to the script's usage output, epoch integers or splunk relative time notation.

-et <string>            Earliest time (required).  Either a UTC time (integer since unix epoch) 
                                        or a Splunk search relative time string [1].

-lt <string>            Latest time (required).  Either a UTC time (integer since unix epoch) 
                                        or a Splunk search relative time string [1].

Query about fill summary index

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Query about fill summary index

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!