Hi All - I am new to splunk python SDK and am stuck with running saved searches for custom durations. So far, using the splunk documentation and examples I am able to execute saved searches using the python SDK, however I couldn't find a way to set the earliest/latest time parameters. Whatever the value I set the default duration for the saved search is used. Here is a snippet of what I have so far :
args = {"earliest_time":"-d60"}
job = searchName.dispatch(**args)
Tried this as well: args = {"earliestTime":"-d60"}
Is there a way to set custom duration for saved searches using python sdk?
Thanks.
Sorry guys, I should have done some more research before posting the question. I did some poking around and got it to work. Here is what I set for duration:
args = {"dispatch.earliest_time":"-100d"}
Look at this example, specifically the format for earliest and latest times:
http://dev.splunk.com/view/SP-CAAAEE5#oneshotjob
This example shows how to set a time range in Python.
Thanks for the link. The table 'Saved search parameters' had all the supported parameters.
Sorry guys, I should have done some more research before posting the question. I did some poking around and got it to work. Here is what I set for duration:
args = {"dispatch.earliest_time":"-100d"}