Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

time range selection not working on CLI

glsplunk
New Member
‎06-30-2014 01:41 PM

I'm trying:

splunk search Calling -earliest=06/30/2014:11:40:00 AND -latest=06/30/2014:12:00:00

and i'm not getting results in that time range. I've tried adding _time to earliest and
latest, as I saw in the docs, nothing works. I've tried blanks instead of equal signs.

Tags (1)
0 Karma
Reply

Ayn
Legend
‎06-30-2014 01:53 PM

That's because CLI search doesn't use those options. They are called "earliest_time" and "latest_time", respectively.

http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchReference/CLIsearchsyntax

0 Karma
Reply

glsplunk
New Member
‎06-30-2014 02:14 PM

yyyy-... doesn't work for me.
-earliest_time=06/30/2014 w/o hh:mm:ss isn't flagged as an
error, but the results include stuff from 06/27.
-earliest_time 2014/...
-earliest_time=2014-....
and such are called "invalid"

0 Karma
Reply

Ayn
Legend
‎06-30-2014 02:04 PM

Oh hm. When giving the time in the format you provided I'm getting an invalid format error. Try using YYYY-MM-DDTHH:MM:SS. For instance your earliest time would be "2014-06-30T11:40:00".

0 Karma
Reply

glsplunk
New Member
‎06-30-2014 01:54 PM

wrong.
like i said in the OP, i've tried adding _time to both
of those, and that doesn't work.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...