I've written Python code to download data from Splunk for a given search and a given date range, but it seems the date range is not working: I can see logs which are outside of the dates that I've entered.
Here is my code snippet:
```python
import requests


# Method of the DatacenterSplunk class (rest of the class not shown).
def download_binary_file(self, url_path, output_file_path, auth, data):
    self.logger.debug("Entering DatacenterSplunk.download_binary_file() for dc " + self.datacenter)
    print("Writing logs to file: " + output_file_path)
    try:
        s = requests.Session()
        # Stream the response so large exports are not held in memory.
        r = s.post(url_path, auth=auth, data=data, stream=True, verify=self.verify_cert)
        r.raise_for_status()
        # The with block closes the file, so no explicit close() is needed.
        with open(output_file_path, 'wb') as f:
            for chunk in r.iter_content(chunk_size=512):
                if chunk:
                    f.write(chunk)
    except Exception as e:
        self.logger.error("Exception encountered in DatacenterSplunk.download_binary_file():" + str(e))
        self._handle_exception(e)
    self.logger.debug("Leaving DatacenterSplunk.download_binary_file() for dc " + self.datacenter)
```
Here is the URL and data that I am passing:
URL : https://example-zone-ms.compnay.com:8089/services/search/jobs/export
data= {'search': 'search source=*FOO_access* http_apikey | fields - host,source,sourcetype, splunk_server, _time, index, _serial', 'output_mode': 'csv', 'earliest': '08/22/2019:0:0:0', 'latest': '08/22/2019:23:59:59'}
It works fine except for the date range issue: I always get the last 7 days of logs, irrespective of the date range I entered. For this range, earliest=08/22/2019:0:0:0 -d latest=08/23/2019:0:0:0, I am getting logs from Aug 29 - Aug 22.
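
An added example, not part of the original post: Splunk's REST search endpoints document the time bounds as `earliest_time` and `latest_time`, whereas the payload above sends `earliest` and `latest`. The helper below turns the question's timestamps into a payload with those keys; the function names and the UTC default are assumptions made for this illustration.

```python
from datetime import datetime, timezone

# Timestamp format used in the question's payload, e.g. '08/22/2019:0:0:0'.
QUESTION_TIME_FORMAT = "%m/%d/%Y:%H:%M:%S"


def parse_question_time(value, tz=timezone.utc):
    """Parse a question-style timestamp into a timezone-aware datetime.

    Assumption: the timestamps are meant as UTC unless another tz is passed.
    """
    return datetime.strptime(value, QUESTION_TIME_FORMAT).replace(tzinfo=tz)


def build_export_payload(search, earliest, latest, tz=timezone.utc):
    """Build the POST body for /services/search/jobs/export.

    The time bounds go into 'earliest_time' and 'latest_time' as ISO-8601
    strings with an explicit UTC offset, so the window does not depend on
    the server's or the user's time zone settings.
    """
    start = parse_question_time(earliest, tz)
    end = parse_question_time(latest, tz)
    if start >= end:
        # An empty or inverted window is almost always a caller mistake.
        raise ValueError("earliest must be before latest")
    return {
        "search": search,
        "output_mode": "csv",
        "earliest_time": start.isoformat(timespec="milliseconds"),
        "latest_time": end.isoformat(timespec="milliseconds"),
    }


if __name__ == "__main__":
    # Constructed input: the search string and dates from the question.
    payload = build_export_payload(
        "search source=*FOO_access* http_apikey",
        "08/22/2019:0:0:0",
        "08/22/2019:23:59:59",
    )
    for key, value in payload.items():
        print(f"{key}: {value}")
```

The returned dictionary can be passed as the `data` argument of `download_binary_file()` shown above.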