In the Splunk UI, I can have a query such as the following...
host="cmhlpecomweb*" sourcetype=access_combined "GET /check-out/actions/gift-card-submit.jsp"
I have been unable to find how to do this through the splunklib Python client.
I have tried numerous combinations, and can find no reference to how to do this in the Splunk documentation.
Examples of what has been tried:
service.jobs.export("host=cmhlpecomweb* sourcetype=access_combined | search GET /check-out/actions/gift-card-submit.jsp",
**{"earliest_time":"2017-02-13T10:00:00.000-07:00"}))
service.jobs.export("regex field= host=cmhlpecomweb* sourcetype=access_combined | search GET /check-out/actions/gift-card-submit.jsp",
**{"earliest_time":"2017-02-13T10:00:00.000-07:00"}))
service.jobs.export("search GET /check-out/actions/gift-card-submit.jsp | host=cmhlpecomweb* sourcetype=access_combined ",
**{"earliest_time":"2017-02-13T10:00:00.000-07:00"}))
service.jobs.export("search GET /check-out/actions/gift-card-submit.jsp host=cmhlpecomweb* sourcetype=access_combined ",
**{"earliest_time":"2017-02-13T10:00:00.000-07:00"}))
Surely this can't be this difficult, but after spending the better part of an afternoon, I give up. Is this documented, or even possible? If documented, a pointer to that info would be great!
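An added example, not part of the original post: the search bar implicitly prepends the `search` command, while the REST endpoint behind `service.jobs.export` expects the string to begin with a command (or a leading pipe), and a quoted phrase must keep its double quotes inside the Python string. The helper names `to_sdk_query`, `quote_phrase` and `export_events` are hypothetical; `service` is assumed to be an already connected `splunklib.client.Service`.

```python
import re

def to_sdk_query(ui_query):
    """Convert a search-bar query into the form the search REST endpoints expect."""
    q = ui_query.strip()
    # Queries that already begin with the search command ("search ...") or a
    # leading pipe ("| tstats ...") are passed through unchanged.
    if q.startswith("|") or re.match(r"search\s", q):
        return q
    return "search " + q

def quote_phrase(phrase):
    """Quote a literal phrase for SPL, escaping backslashes and double quotes."""
    return '"' + phrase.replace("\\", "\\\\").replace('"', '\\"') + '"'

def export_events(service, ui_query, **kwargs):
    """Yield event dicts from service.jobs.export, skipping diagnostic messages."""
    from splunklib import results  # imported lazily: needs the Splunk SDK installed
    stream = service.jobs.export(to_sdk_query(ui_query), **kwargs)
    for item in results.ResultsReader(stream):
        if isinstance(item, dict):  # non-dict items are server Message objects
            yield item

# The query from the post, as typed in the UI (phrase quoting kept intact).
UI_QUERY = ('host="cmhlpecomweb*" sourcetype=access_combined '
            + quote_phrase("GET /check-out/actions/gift-card-submit.jsp"))

if __name__ == "__main__":
    print(to_sdk_query(UI_QUERY))
    # With a connected Service (connection details are site-specific):
    # for event in export_events(service, UI_QUERY,
    #                            earliest_time="2017-02-13T10:00:00.000-07:00"):
    #     print(event["_raw"])
```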