How to send a Unix time as the value for earliest ...

kicksammy · ‎07-18-2014

i am trying to send Unix time to a saved search and i m expecting the Splunk to return the events for the Unix time earliest and latest. Below is the code i'm using.
But Splunk runs query for All Time.
How can I send a Unix time as the value for earliest and latest parameters

    ServiceArgs namespace = new ServiceArgs();
    namespace.setApp(appName);
    SavedSearch savedSearch = service.getSavedSearches(namespace).get(searchName);

    log.debug("Run the '" + savedSearch.getName() + "' search ("
            + savedSearch.getSearch() + ")\n");
    Job jobSavedSearch = null;
    SavedSearchDispatchArgs dispatchArgs = new SavedSearchDispatchArgs();
    //// These attributes have setter methods
    dispatchArgs.setDispatchEarliestTime("1405616400");
    dispatchArgs.setDispatchLatestTime("1405620000");
    //       Run the saved search
    try {
        jobSavedSearch = savedSearch.dispatch(dispatchArgs);
    } catch (InterruptedException e1) {
        log.fatal("Splunk serach job interrupted", e1);

    }

somesoni2 · ‎07-21-2014

Try setting "DispatchTimeFormat" property to "%s" in the dispatchArgs object.

..
..
dispatchArgs.setDispatchEarliestTime("1405616400");
dispatchArgs.setDispatchLatestTime("1405620000");
//Add this
dispatchArgs.setDispatchTimeFormat("%s");
..
..

How to send a Unix time as the value for earliest and latest parameters to a saved search using java API?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

How to send a Unix time as the value for earliest and latest parameters to a saved search using java API?

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers