Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I filter job results on relative time?

cy0926
New Member
‎07-01-2016 11:13 AM

I'm able to read all results of a job through

 job_obj.results()

using python-sdk.
I want to get all results in the last 15 mins.
It says in the doc that I can pass some params in the result() method.
What are the parameters for that?
Where is the documentation for available params?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ryanoconnor
Builder
‎07-01-2016 04:53 PM

This is the Python SDK document for results http://docs.splunk.com/DocumentationStatic/PythonSDK/1.6.0/results.html

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ryanoconnor
Builder
‎07-01-2016 04:53 PM

This is the Python SDK document for results http://docs.splunk.com/DocumentationStatic/PythonSDK/1.6.0/results.html

0 Karma
Reply
Solved! Jump to solution

cy0926
New Member
‎07-01-2016 04:55 PM

so I cannot filter results on relative time?

0 Karma
Reply
Solved! Jump to solution

ryanoconnor
Builder
‎07-01-2016 04:56 PM

Can you tell me a little bit more about your use case?

0 Karma
Reply
Solved! Jump to solution

cy0926
New Member
‎07-01-2016 05:05 PM

I'm getting alert names from service. And for each alert name, I get the saved_search of that alert from service.saved_searches. Then the latest job_obj from saved_search.history(),
then I want to get all results of this job_obj for any relative time such as the last 15 mins or the last hour.

Is it possible and is there a faster and more convenient way of doing that? Thanks.

0 Karma
Reply
Solved! Jump to solution

ryanoconnor
Builder
‎07-01-2016 05:29 PM

I see, have you looked at the following?

http://dev.splunk.com/view/python-sdk/SP-CAAAER5

They give some examples in there, you should be able to pass the same parameters are in the rest API seen here: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7...

If you read the REST API Docs, you should be able to also pass a post search command parameter. so effectively something like

args = {"count": 100}
job_obj.results(args)

I think should turn 100 results.

You'd have to play around with the search parameter since you want to do a timing thing but maybe

args = {"search": "* earliest=-15m@m"}
job_obj.results(args)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...