Solved: Splunk API- Is there a way to retrieve what time r...

latifismail · ‎08-29-2022

Is there a way to retrieve what time range does a search use?,

I have tried using this endpoint

curl -k -u admin:pass https://localhost:8089/services/saved/searches/search_name/history

but i guess it is not returning its time range

Thank you

isoutamo · ‎08-30-2022

Hi

You could try something like this

| rest /servicesNS/-/-/saved/searches/Name%20Of%20search f=title f=dispatch.earliest_time f=dispatch.latest_time f=auto_summarize.cron_schedule f=search f=next_scheduled_time
```| transpose```

Last transpose helps (w/o comment characters) to see what all field that query results.

Of course you could run this also on command line with curl.

r. Ismo

View solution in original post

isoutamo · ‎08-30-2022

Hi

You could try something like this

| rest /servicesNS/-/-/saved/searches/Name%20Of%20search f=title f=dispatch.earliest_time f=dispatch.latest_time f=auto_summarize.cron_schedule f=search f=next_scheduled_time
```| transpose```

Last transpose helps (w/o comment characters) to see what all field that query results.

Of course you could run this also on command line with curl.

r. Ismo

Splunk API- Is there a way to retrieve what time range does a search use?

development

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!