Solved: Re: Splunk python sdk - How to set custom time dur...

pinpoint · ‎11-15-2012

Hi All - I am new to splunk python SDK and am stuck with running saved searches for custom durations. So far, using the splunk documentation and examples I am able to execute saved searches using the python SDK, however I couldn't find a way to set the earliest/latest time parameters. Whatever the value I set the default duration for the saved search is used. Here is a snippet of what I have so far :

args = {"earliest_time":"-d60"}
job = searchName.dispatch(**args)

Tried this as well: args = {"earliestTime":"-d60"}

Is there a way to set custom duration for saved searches using python sdk?

Thanks.

pinpoint · ‎11-15-2012

Sorry guys, I should have done some more research before posting the question. I did some poking around and got it to work. Here is what I set for duration:

args = {"dispatch.earliest_time":"-100d"}

View solution in original post

apruneda_splunk · ‎11-15-2012

Look at this example, specifically the format for earliest and latest times:
http://dev.splunk.com/view/SP-CAAAEE5#oneshotjob

This example shows how to set a time range in Python.

pinpoint · ‎11-19-2012

Thanks for the link. The table 'Saved search parameters' had all the supported parameters.

pinpoint · ‎11-15-2012

Sorry guys, I should have done some more research before posting the question. I did some poking around and got it to work. Here is what I set for duration:

args = {"dispatch.earliest_time":"-100d"}

Splunk python sdk - How to set custom time duration to run saved searches

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services