Search with Python SDK

Splunk Enterprise

Hi all!

I'm trying to run simple search via Python SDK (Python 3.8.5, splunk-sdk 1.6.14). Examples that are presented on dev.splunk.com are clear but something goes wrong when I run search with my own parameters

The code is as simple as this

    search_kwargs_params = {
        "exec_mode": "blocking",
        "earliest_time": "2020-09-04T06:57:00.000-00:00",
        "latest_time": "2020-11-08T07:00:00.000-00:00",        
    }
    search_query = 'search index=qwe1 trace=111-aaa-222 action=Event.OpenCase'
    job = self.service.jobs.create(search_query, **search_kwargs_params)
    for result in results.ResultsReader(job.results()):
        print(result)

But search returns no results. When I run same query manually in Splunk web GUI it works fine.

I've also tried to put all parameters in 'search_kwargs_params' dictionary, widened search time period and got some search results but they seem to be inappropriate to what I got in GUI.

Can someone advise?

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...