time range selection not working on CLI

glsplunk · ‎06-30-2014

I'm trying:

splunk search Calling -earliest=06/30/2014:11:40:00 AND -latest=06/30/2014:12:00:00

and i'm not getting results in that time range. I've tried adding _time to earliest and
latest, as I saw in the docs, nothing works. I've tried blanks instead of equal signs.

Ayn · ‎06-30-2014

That's because CLI search doesn't use those options. They are called "earliest_time" and "latest_time", respectively.

http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchReference/CLIsearchsyntax

glsplunk · ‎06-30-2014

yyyy-... doesn't work for me.
-earliest_time=06/30/2014 w/o hh:mm:ss isn't flagged as an
error, but the results include stuff from 06/27.
-earliest_time 2014/...
-earliest_time=2014-....
and such are called "invalid"

Ayn · ‎06-30-2014

Oh hm. When giving the time in the format you provided I'm getting an invalid format error. Try using YYYY-MM-DDTHH:MM:SS. For instance your earliest time would be "2014-06-30T11:40:00".

glsplunk · ‎06-30-2014

wrong.
like i said in the OP, i've tried adding _time to both
of those, and that doesn't work.

time range selection not working on CLI

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...