Solved: Re: Splunk python sdk oneshot search: How to get e...

i2sheri · ‎06-08-2015

I have a one shot search to which i am passing earliest time and latest time from time range picker. Trying to generate a report from the search results for which i need search time range as strings or python date objects.

For Ex:
Time Range: previous month
earliest_time: -1mon@mon
latest_time: @mon'

I need above times python date object
30-04-2015
31-05-2015

also my search ends with | chart count bla by date => the dates are columns which i couldn't see in ResultsReader

i2sheri · ‎09-21-2015

you can use this search to get from and to dates

View solution in original post

i2sheri · ‎09-21-2015

you can use this search to get from and to dates

i2sheri · ‎06-08-2015

Those dates are present in result as columns (or keys)

search_results = service.jobs.oneshot(search_query, **kwargs) reader = results.ResultsReader(search_results) columns = reader[0].keys()

i2sheri · ‎08-10-2015

This might no return all dates, it returns dates from search results. For Ex: If search did not return any events for 20-04-2015 then this date will not be present in reader[0].keys()

Splunk python sdk oneshot search: How to get earliest_time and latest_time in datetime format?

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms