Splunk Dev

How can I filter job results on relative time?

cy0926
New Member

I'm able to read all results of a job through

 job_obj.results() 

using python-sdk.
I want to get all results in the last 15 mins.
It says in the doc that I can pass some params in the result() method.
What are the parameters for that?
Where is the documentation for available params?

0 Karma
1 Solution

ryanoconnor
Builder
0 Karma

cy0926
New Member

So I cannot filter results on relative time?

0 Karma

ryanoconnor
Builder

Can you tell me a little bit more about your use case?

0 Karma

cy0926
New Member

I'm getting alert names from service. And for each alert name, I get the saved_search of that alert from service.saved_searches. Then the latest job_obj from saved_search.history(),
then I want to get all results of this job_obj for any relative time such as the last 15 mins or the last hour.

Is it possible and is there a faster and more convenient way of doing that? Thanks.

0 Karma

ryanoconnor
Builder

I see, have you looked at the following?

http://dev.splunk.com/view/python-sdk/SP-CAAAER5

They give some examples in there. You should be able to pass the same parameters as are in the REST API, seen here: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7...

If you read the REST API docs, you should also be able to pass a post-search command parameter. So effectively something like

args = {"count": 100}
# results() accepts keyword arguments only, so unpack the dict
job_obj.results(**args)

I think that should return 100 results.

You'd have to play around with the search parameter since you want to do a timing thing but maybe

args = {"search": "* earliest=-15m@m"}
# results() accepts keyword arguments only, so unpack the dict
job_obj.results(**args)

0 Karma
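
An added example, not part of the original thread or of the Splunk SDK: a client-side alternative that keeps only the rows of an already fetched job whose `_time` falls inside a relative window. The function name, the sample rows and the assumption that `_time` arrives as an ISO 8601 string (as in JSON output) are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone


def filter_recent(rows, minutes, now=None):
    """Return the result rows whose _time lies within the last `minutes` minutes.

    `rows` is any iterable of result dicts, for example what splunklib's
    results.JSONResultsReader(job_obj.results(output_mode="json")) yields.
    That reader also yields non-dict diagnostic messages; they are skipped.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(minutes=minutes)
    kept = []
    for row in rows:
        if not isinstance(row, dict):
            continue  # diagnostic message, not a result row
        raw = row.get("_time")
        if not raw:
            continue  # e.g. output of a transforming search without _time
        try:
            ts = datetime.fromisoformat(raw)
        except ValueError:
            continue  # unparseable timestamp: leave it out rather than guess
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
        if cutoff <= ts <= now:
            kept.append(row)
    return kept


# Constructed sample rows (not real Splunk output) and a fixed "now"
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    {"_time": "2024-05-01T11:58:00.000+00:00", "host": "web01"},  # 2 min old
    {"_time": "2024-05-01T04:50:00.000-07:00", "host": "web02"},  # 11:50 UTC
    {"_time": "2024-05-01T11:30:00.000+00:00", "host": "web03"},  # 30 min old
    {"count": "42"},                                              # no _time
    "INFO: constructed non-dict item",
]

if __name__ == "__main__":
    for row in filter_recent(SAMPLE_ROWS, 15, now=SAMPLE_NOW):
        print(row["_time"], row["host"])
```

The comparison is done on timezone-aware datetimes, so rows reported with different UTC offsets are handled consistently.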