Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to pass the earliest ,latest time and span as arguments to the curl command to query a saved search

bubby248
New Member
‎03-06-2013 02:15 PM

I had the curl statement as below

curl -u username:password -k https://hostname:8089/services/search/jobs -d"search=| savedsearch mysavedsearch" -earliest_time="-24h@h" -latest_time="now" -d span="1hr"

But the response is as below
<?xml version="1.0" encoding="UTF-8"?>


Error in 'savedsearch' command: Encountered the following error while building a search for saved search 'mysavedsearch': Error while replacing variable name='earliest'. Could not find variable in the argument map.

Can you please help me out with the curl command
With this am expecting an SID, once I get the SID I will try to retreive the results.

Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎03-06-2013 03:15 PM

First of all, it looks like you have an placeholder for a variable called earliest in your saved search. Probably you don't want that. But if you do want that, then you need to pass it as arguments to the | savedsearch command, within the search string, e.g., | savedsearch earliest=-24h@h.

But if you really don't want that, take it out of the saved search and just pass it as normal HTTP parameter in curl:

... -d earliest_time=-24h@h ...

0 Karma
Reply

bubby248
New Member
‎03-13-2013 01:02 PM

Thanks mate

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...