- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Splunk python sdk oneshot search: How to get earli...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a one shot search to which i am passing earliest time and latest time from time range picker. Trying to generate a report from the search results for which i need search time range as strings or python date objects.
For Ex:
Time Range: previous month
earliest_time: -1mon@mon
latest_time: @mon'
I need above times python date object
30-04-2015
31-05-2015
also my search ends with | chart count bla by date => the dates are columns which i couldn't see in ResultsReader
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can use this search to get from and to dates
search index=* | head 1
|eval e=relative_time(now(), "-1mon@mon")
|eval l=relative_time(now(), "@mon")
|eval ee=strftime(e, "%m/%d/%Y:%H:%M:%S")
|eval ll=strftime(l, "%m/%d/%Y:%H:%M:%S")
|table e l ee ll
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can use this search to get from and to dates
search index=* | head 1
|eval e=relative_time(now(), "-1mon@mon")
|eval l=relative_time(now(), "@mon")
|eval ee=strftime(e, "%m/%d/%Y:%H:%M:%S")
|eval ll=strftime(l, "%m/%d/%Y:%H:%M:%S")
|table e l ee ll
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Those dates are present in result as columns (or keys)
search_results = service.jobs.oneshot(search_query, **kwargs)
reader = results.ResultsReader(search_results)
columns = reader[0].keys()
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This might no return all dates, it returns dates from search results. For Ex: If search did not return any events for 20-04-2015 then this date will not be present in reader[0].keys()
Introducing the Splunk Community Dashboard Challenge!
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
