Splunk Enterprise

Splunk API: Is there a way to retrieve what time range a search uses?

latifismail
Engager

Is there a way to retrieve what time range a search uses?

I have tried using this endpoint

curl -k -u admin:pass https://localhost:8089/services/saved/searches/search_name/history

but I guess it is not returning its time range

Thank you


isoutamo
SplunkTrust

Hi

You could try something like this

| rest /servicesNS/-/-/saved/searches/Name%20Of%20search f=title f=dispatch.earliest_time f=dispatch.latest_time f=auto_summarize.cron_schedule f=search f=next_scheduled_time
```| transpose```

The last transpose helps (w/o comment characters) to see all the fields that the query returns.

Of course, you could also run this on the command line with curl.

r. Ismo 
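The same lookup done directly against the REST endpoint, as an added example that is not part of the original posts: it requests the fields named in the answer and reads `dispatch.earliest_time` and `dispatch.latest_time` from the JSON response. The function names, bearer-token authentication, the `cafile` option and the sample response are assumptions made for illustration.

```python
import json
import ssl
import urllib.parse
import urllib.request

# Fields requested in the answer's `| rest` query.
FIELDS = ["title", "dispatch.earliest_time", "dispatch.latest_time",
          "auto_summarize.cron_schedule", "search", "next_scheduled_time"]

def build_url(base, name, owner="-", app="-"):
    """Saved-search URL; the name is percent-encoded (space -> %20)."""
    path = "/servicesNS/%s/%s/saved/searches/%s" % (
        owner, app, urllib.parse.quote(name, safe=""))
    query = [("output_mode", "json")] + [("f", f) for f in FIELDS]
    return base.rstrip("/") + path + "?" + urllib.parse.urlencode(query)

def time_ranges(body):
    """One row per returned entry; '-/-' can match the name in several apps."""
    rows = []
    for entry in json.loads(body).get("entry", []):
        content = entry.get("content", {})
        rows.append({
            "name": entry.get("name"),
            "app": entry.get("acl", {}).get("app"),
            # Missing or empty values come back as None.
            "earliest": content.get("dispatch.earliest_time") or None,
            "latest": content.get("dispatch.latest_time") or None,
        })
    return rows

def fetch(base, name, token, cafile=None):
    """GET with a bearer token and TLS verification on (no curl -k equivalent)."""
    req = urllib.request.Request(
        build_url(base, name), headers={"Authorization": "Bearer " + token})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return time_ranges(resp.read().decode("utf-8"))

# Constructed sample response (hypothetical apps and values), so this runs offline.
SAMPLE = json.dumps({"entry": [
    {"name": "Name Of search", "acl": {"app": "search"},
     "content": {"dispatch.earliest_time": "-24h@h", "dispatch.latest_time": "now"}},
    {"name": "Name Of search", "acl": {"app": "example_app"},
     "content": {"dispatch.earliest_time": "", "dispatch.latest_time": ""}},
]})

if __name__ == "__main__":
    print(build_url("https://localhost:8089", "Name Of search"))
    for row in time_ranges(SAMPLE):
        print(row)
```

Passing the token from an environment variable or secret store keeps credentials out of shell history and the process list, unlike `-u admin:pass` on a curl command line.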
