Question

下面是我的代码段：

search='index="someindex" earliest=27/01/2019:0:0:0 latest=27/01/2018:23:59:00'

data = {'search': search, 'max_count':'10000000'}
response = requests.post('https://something:8089/services/search/jobs',
                         auth=('usr', 'pwd'), data=data, verify=False)
#print(response)                         
root = ET.fromstring(response.text)
#print(root)
for tag in root:
    job_id = tag.text
    print(job_id)
print(job_id)

我得到400的响应，并且在打印job_id时出错。

Answer 1

如果要搜索索引，则搜索字符串应以search关键字开头。

修改搜索字符串：

search='search index="someindex" earliest=27/01/2019:0:0:0 latest=27/01/2018:23:59:00'

无法获取Splunk查询SID

1 个答案: