Re: time range selection not working on CLI

glsplunk · ‎06-30-2014

I'm trying:

splunk search Calling -earliest=06/30/2014:11:40:00 AND -latest=06/30/2014:12:00:00

and i'm not getting results in that time range. I've tried adding _time to earliest and
latest, as I saw in the docs, nothing works. I've tried blanks instead of equal signs.

Ayn · ‎06-30-2014

That's because CLI search doesn't use those options. They are called "earliest_time" and "latest_time", respectively.

http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchReference/CLIsearchsyntax

glsplunk · ‎06-30-2014

yyyy-... doesn't work for me.
-earliest_time=06/30/2014 w/o hh:mm:ss isn't flagged as an
error, but the results include stuff from 06/27.
-earliest_time 2014/...
-earliest_time=2014-....
and such are called "invalid"

Ayn · ‎06-30-2014

Oh hm. When giving the time in the format you provided I'm getting an invalid format error. Try using YYYY-MM-DDTHH:MM:SS. For instance your earliest time would be "2014-06-30T11:40:00".

glsplunk · ‎06-30-2014

wrong.
like i said in the OP, i've tried adding _time to both
of those, and that doesn't work.

time range selection not working on CLI

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation