Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

time range selection not working on CLI

glsplunk
New Member
‎06-30-2014 01:41 PM

I'm trying:

splunk search Calling -earliest=06/30/2014:11:40:00 AND -latest=06/30/2014:12:00:00

and i'm not getting results in that time range. I've tried adding _time to earliest and
latest, as I saw in the docs, nothing works. I've tried blanks instead of equal signs.

Tags (1)
0 Karma
Reply

Ayn
Legend
‎06-30-2014 01:53 PM

That's because CLI search doesn't use those options. They are called "earliest_time" and "latest_time", respectively.

http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchReference/CLIsearchsyntax

0 Karma
Reply

glsplunk
New Member
‎06-30-2014 02:14 PM

yyyy-... doesn't work for me.
-earliest_time=06/30/2014 w/o hh:mm:ss isn't flagged as an
error, but the results include stuff from 06/27.
-earliest_time 2014/...
-earliest_time=2014-....
and such are called "invalid"

0 Karma
Reply

Ayn
Legend
‎06-30-2014 02:04 PM

Oh hm. When giving the time in the format you provided I'm getting an invalid format error. Try using YYYY-MM-DDTHH:MM:SS. For instance your earliest time would be "2014-06-30T11:40:00".

0 Karma
Reply

glsplunk
New Member
‎06-30-2014 01:54 PM

wrong.
like i said in the OP, i've tried adding _time to both
of those, and that doesn't work.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...