I can work with epoch time just fine...my question is if there is a way to set the time in a human readable format (%m/%d/%Y:%H:%M:%S) rather than have to convert a local timestamp to epoch time. The current use case allows the setting of earliest/latest date via an application configuration file.
The setting below fails:
theSearchArgs.setLatestTime("05/20/2015:04:04:04");
theSearchArgs.setEarliestTime("05/20/2015:04:04:04");
This method below works just fine:
theSearchArgs.setLatestTime("1389722400");
theSearchArgs.setEarliestTime("1389722400");
I realize I can do the timestamp conversion within Java (and will at some point) but, for my current use case, I'm asking if we can supply the timestamp in the %m/%d/%Y:%H:%M:%S format.
Thanks!
EDIT: Splunk java doc says this:
> InputStream com.splunk.Service.oneshotSearch(String query, Args args)
Parameters:
query The search query.
args The search arguments:
"output_mode": Specifies the output format of the results (XML, JSON, or CSV).
"earliest_time": Specifies the earliest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string.
"latest_time": Specifies the latest time in the time range to search. The time string can be a UTC time (with fractional seconds), a relative time specifier (to now), or a formatted time string.
"rf": Specifies one or more fields to add to the search.
... View more