Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to pass the earliest ,latest time and span as arguments to the curl command to query a saved search

bubby248
New Member
‎03-06-2013 02:15 PM

I had the curl statement as below

curl -u username:password -k https://hostname:8089/services/search/jobs -d"search=| savedsearch mysavedsearch" -earliest_time="-24h@h" -latest_time="now" -d span="1hr"

But the response is as below
<?xml version="1.0" encoding="UTF-8"?>


Error in 'savedsearch' command: Encountered the following error while building a search for saved search 'mysavedsearch': Error while replacing variable name='earliest'. Could not find variable in the argument map.

Can you please help me out with the curl command
With this am expecting an SID, once I get the SID I will try to retreive the results.

Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎03-06-2013 03:15 PM

First of all, it looks like you have an placeholder for a variable called earliest in your saved search. Probably you don't want that. But if you do want that, then you need to pass it as arguments to the | savedsearch command, within the search string, e.g., | savedsearch earliest=-24h@h.

But if you really don't want that, take it out of the saved search and just pass it as normal HTTP parameter in curl:

... -d earliest_time=-24h@h ...

0 Karma
Reply

bubby248
New Member
‎03-13-2013 01:02 PM

Thanks mate

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...