This is my query and it looks fine to me, but I do not see any output. It just tells me "No results found". Can someone tell me what's wrong with this?
curl -k -u user:pass https://Splunk Server/services/search/jobs/export -d "search= search index=production email1@xyz.com email2@abc.com "earliest=-12h" | stats count by Email_ID" -d "exec_mode=oneshot" -d "output_mode=csv" \\destinationserver\Reports.csv
Thanks
Try this:
curl -s -k -u user:pass https://SPLUNK-SERVER/services/search/jobs -d output_mode=csv --data-urlencode 'search=search index=production email1@xyz.com email2@abc.com "earliest=-12h" | stats count by Email_ID' -d earliest_time=-60m -d latest_time=now -d exec_mode=oneshot
This is not working. It says "Error in 'stats' command: The argument 'earliest_time=-60m' is invalid." I tried putting the latest_time also in the search query, but it failed. It again says "No results found".