- Splunk Answers
- :
- Using Splunk
- :
- Splunk Dev
- :
- How can I filter job results on relative time?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm able to read all results of a job through
job_obj.results()
using python-sdk.
I want to get all results in the last 15 mins.
It says in the doc that I can pass some params in the result() method.
What are the parameters for that?
Where is the documentation for available params?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is the Python SDK document for results http://docs.splunk.com/DocumentationStatic/PythonSDK/1.6.0/results.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is the Python SDK document for results http://docs.splunk.com/DocumentationStatic/PythonSDK/1.6.0/results.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
so I cannot filter results on relative time?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you tell me a little bit more about your use case?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm getting alert names from service. And for each alert name, I get the saved_search of that alert from service.saved_searches. Then the latest job_obj from saved_search.history(),
then I want to get all results of this job_obj for any relative time such as the last 15 mins or the last hour.
Is it possible and is there a faster and more convenient way of doing that? Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see, have you looked at the following?
http://dev.splunk.com/view/python-sdk/SP-CAAAER5
They give some examples in there, you should be able to pass the same parameters are in the rest API seen here: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7...
If you read the REST API Docs, you should be able to also pass a post search command parameter. so effectively something like
args = {"count": 100}
job_obj.results(args)
I think should turn 100 results.
You'd have to play around with the search parameter since you want to do a timing thing but maybe
args = {"search": "* earliest=-15m@m"}
job_obj.results(args)
Wondering How to Build Resiliency in the Cloud?
Updated Data Management and AWS GDI Inventory in Splunk Observability
Introducing the Splunk Community Dashboard Challenge!
