Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Are there any examples of an actual use case of dispatch.data_format for fields earliest time and latest time?

meduriphani
New Member
‎02-07-2017 02:06 PM

Hi,

I am looking for any sample code in any language/script that shows an actual use case of dispatch.data_format for setting up the fields dispatch.earliest time and dispatch.latest time?

Thanks,
Phanendra Meduri

0 Karma
Reply

somesoni2
Revered Legend
‎02-07-2017 02:32 PM

The attribute dispatch.time_format is used when you specify the earliest (Start time) and latest (Finish time) of the saved search in string formatted dates. If it's relative ( e.g. -1d@d ) or epoch, then this property is not useful. If you want to specify the earliest as absolute date e.g. earliest=2017-02-06 11:00 PM , then you should set dispatch.time_format=%Y-%m-%d %H:%M %p. If your absolute date format is same as it's default value, then no need to specify that.

dispatch.time_format = <time format str>
* Defines the time format that Splunk uses to specify the earliest and latest
  time.
* Defaults to %FT%T.%Q%:z
0 Karma
Reply

meduriphani
New Member
‎02-07-2017 05:13 PM

Hi,

Thanks for your reply.

This would be very useful If I get any example.

I am using Groovy to retrieve savedSearch results. My code is continuously failing because of data format.

            def etime=request.headers.get("earliestTime")
            def ltime=request.headers.get("LatestTime")
             dispatchArgs.setDispatchTimeFormat("yyyy-MM-dd'T'HH:mm:ss.mmm-05:00")
             dispatchArgs.setDispatchEarliestTime(etime)
             dispatchArgs.setDispatchLatestTime(ltime)
            Job job = savedSearch.dispatch(dispatchArgs)

I am getting the earliestTime and LatestTime in the date-format of pattern="yyyy-MM-dd'T'HH:mm:ss.mmm-05:00".

It would be helpful If you point where the above code going wrong. OR practical any example.

I referenced the above code from http://dev.splunk.com/view/java-sdk/SP-CAAAEKY

Thanks,
Phanendra Meduri

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...