Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

earliest and latest information in custom python search command

sbsbb
Builder
‎12-25-2013 03:16 AM

I was not able to find in the doc a way to get earliest and latest information from the datetimepicker to use in my generating custom search command..

Any Idea how that work ?

Reply

lumpymilk
Explorer
‎01-27-2021 10:02 AM

For the sake of anyone searching and finding this, these return a float that matches time picker when I try them. I just wish I could find inheritable or nested Option() types so I can borrow those with their existing validation.

earliest = self.search_results_info.api_et
latest = self.search_results_info.api_lt

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-25-2013 02:18 PM

You could prefix the call to your custom generating command like this:

| stats count | addinfo | your_command

That way you should get info about the time range as input events for your command.

I don't think there's an intended way for accessing this directly - any more. Taken from the doc of splunk.Intersplunk:

getOrganizedResults(input_str=None)
    Converts an Intersplunk-formatted file object into a dict
    representation of the contained events, and returns a tuple of:

        (results, dummyresults, settings)

    "dummyresults" is always an empty list, and "settings" is always
    an empty dict, since the change to csv stopped sending the
    searchinfo.  It has not been updated to store the auth token.

My guess is you're looking for what used to be in searchinfo.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...