I noticed that i dont have splunk python SDK because in my python script i dont have import splunklib or import splunk.. i am using python script within the alteryx tool

Hi, Thanks for your input
where do i add this... in my search query

this is how my URL looks like 

https://server/services/search/jobs/export?search=search%20index%3Dcfs_apiconnect_102212%20%20%20%0Asourcetype%3D%22cfs_apigee_102212_st%22%20%20%0Aearliest%3D-1d%40d%20latest%3D%40d%20%0Aorganization%20IN%20(%22ccb-na%22%2C%22ccb-na-ext%22)%20%0AclientId%3D%22AMZ%22%20%0Astatus_code%3D200%0Aenvironment%3D%22XYZ-uat03%22%0A%7C%20table%20%20_time%2CclientId%2Corganization%2Cenvironment%2CproxyBasePath%2Capi_name&&output_mode=csv 

@Raj_Splunk_Ing 
Modify Your Python Script in Alteryx:
You need to find the part of your Python script where you build the URL or the parameters for the HTTP request to Splunk. You will then add a tz parameter to that request, setting its value to the time zone string you found in your splunk ui timezone.

Eg:
params = {
'search': spl_query,
'output_mode': 'csv',
'tz': splunk_ui_timezone
}

url adding tz parameter
https://server/services/search/jobs/export?search=search%20index%3Dcfs_apiconnect_102212%20%20%20%0A...tz=America%2FChicago&output_mode=csv

Regards,
Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a kudos/Karma. Thanks!

Hi tried to follow by adding this to the url at the end

%20tz=America%2FNew_York&output_mode=csv"

and in the headers

headers = {
'Authorization': 'Basic AuthKey','Content-Type':'text/csv','tz':'(GMT-04:00) Eastern Time (US & Canada)'
}
this is not returning anything

Hi Rick, same user. i did use the earliest and latest in the search query itself as filters. API is using the services/export