Hello,
this search in the search bar of Splunk:
javaException=* earliest=-m@m | sort _time
returns about 100 results. My problem is that when I use the Splunk REST API, the exact same search does not return the same result. With:
curl -k -u user:pwd https://url:8089/services/search/jobs/export -d'search=search%20javaException%3D*%20earliest%3D-m%40m%20%7C%20sort%20_time'
I receive:
<?xml version='1.0' encoding='UTF-8'?>
<results preview='0'>
<meta>
<fieldOrder />
</meta>
<messages>
<msg type="DEBUG">Configuration initialization took 48ms for /appsplunk/logiciels/list/splunk/etc</msg>
<msg type="DEBUG">base lispy: [ AND ]</msg>
<msg type="DEBUG">search context: user="user", app="search", bs-pathname="/appsplunk/logiciels/list/splunk/etc"</msg>
<msg type="INFO">Your timerange was substituted based on your search string</msg>
</messages>
</results>
javaException is a field extraction at search-time.
I tried other GET requests which worked well like: * earliest=-m@m | sort _time .
So I believe the field extraction javaException is the cause of my problem, but I cannot figure out why.
Can I have some help, please?