Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Time Modifier "latest=@mon+20d" in REST API

ankur_kumar377
New Member
‎03-25-2020 04:27 AM

Time modifier is not working with splunk rest API. Below is the query.

curl -k -u 'xxxxxxxxx:xxxxxxxxx' https://api-splunk.com:8089/services/search/jobs/export -d search="search earliest=@mon-10d latest=@mon+20d index=usage_summary report=LicenseUsage | search idx= | dedup _time,idx | timechart span=1d sum(MBytes) as LicenseUsagePerDay| stats avg(LicenseUsagePerDay) as AveLicenseUsagePerDay | table AveLicenseUsagePerDay" -d output_mode=csv

it's not displaying any data but when we replace latest=@mon+20d to latest=now then it's working fine.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...