Why is the timerange in my CLI search not working ...

mgardler · ‎10-31-2014

There are lots of questions in here, but none work correctly:

Search:
splunk search "@aol" earliest=02/01/2011:00:00:00 latest=03/01/2011:00:00:00 -maxout=0

No matter what dates I put in here, the same results return
Also tried: ealiest_time, latest_time: index_earliest, index_latest

Everything returns the same information.....

What is a valid search string for a time range? (Running Splunk 5.0.6 (build 185560))

MuS · ‎10-31-2014

Hi mgardler,

using your search string like this

splunk search "@aol earliest=02/01/2011:00:00:00 latest=03/01/2011:00:00:00 -maxout=0"

works without problem. The result looks like this:

splunk search "@aol earliest=02/01/2011:00:00:00 latest=03/01/2011:00:00:00 -maxout=0"
INFO: Your timerange was substituted based on your search string

as prove take this run everywhere command

splunk search "index=_internal * earliest=10/29/2014:00:00:00 latest=10/31/2014:00:00:00  | stats count "
INFO: Your timerange was substituted based on your search string
count
-----
84357

hope this helps ...

cheers, MuS

Why is the timerange in my CLI search not working properly in Splunk 5.0.6?

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?

Why is the timerange in my CLI search not working properly in Splunk 5.0.6?

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2