Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Reporting
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Re: How to define time range of a saved search usi...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
debugger22
Engager
09-03-2015
01:58 AM
I'm trying to create a saved search with following
kwargs = {
'description': 'failed auth',
'is_scheduled' : True,
'cron_schedule' : '*/5 * * * *',
'start_time' : 'rt-5s@s',
'end_time' : 'rt+5s@s'
It gives following error:
HTTPError: HTTP 400 Bad Request --
In handler 'savedsearch': Argument "start_time" is not supported by this handler.
I've also tried earliest_time and latest_time but with no luck. Please help.
Thanks in advance!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SIddharth5794
Explorer
09-04-2015
05:53 AM
Instead of using as you did, the following will work.
kwargs = {
'description': 'failed auth',
'is_scheduled' : True,
'cron_schedule' : '*/5 * * * *',
'dispatch.earliest_time' : 'rt-5s@s',
'dispatch.latest_time' : 'rt+5s@s'
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jaywang66
Loves-to-Learn
07-30-2021
01:51 PM
This works for me. I plan to do more fine tuned filter.
rr = results.ResultsReader(service.jobs.export("search host=App1 index=ftp _indextime>=1627665310 _indextime<1627665313"))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SIddharth5794
Explorer
09-04-2015
05:53 AM
Instead of using as you did, the following will work.
kwargs = {
'description': 'failed auth',
'is_scheduled' : True,
'cron_schedule' : '*/5 * * * *',
'dispatch.earliest_time' : 'rt-5s@s',
'dispatch.latest_time' : 'rt+5s@s'
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
StewGoin1
Explorer
09-03-2015
04:09 AM
I think you need to use scheduled_times and arguments to it as part of your kwargs
From the Python SDK Docs for saved searches :
class splunklib.client.SavedSearch(service, path, **kwargs)
This class represents a saved search.
scheduled_times(earliest_time='now', latest_time='+1h') Returns the times when this search is scheduled to run.
By default this method returns the times in the next hour. For different time ranges, set earliest_time and latest_time. For example, for all times in the last day use “earliest_time=-1d” and “latest_time=now”.
Parameters: earliest_time (string) – The earliest time. latest_time (string) – The latest time. Returns: The list of search times.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SIddharth5794
Explorer
09-03-2015
02:32 AM
Solved
kwargs = {
'description': 'failed auth',
'is_scheduled' : True,
'cron_schedule' : '*/5 * * * *',
'dispatch.earliest_time' : 'rt-5s@s',
'dispatch.latest_time' : 'rt+5s@s'
}
Get Updates on the Splunk Community!
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
Introducing the 2024 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
