I am sending a POST request to Splunk REST 'services/search/jobs' endpoint.
If I submit with 'earliest_time' parameter as a relative string like -2d, it works fine. But if I use an absolute date-time string like "9/24/2017:10:00:00", it comes back with 0 results.
Instead, if I don't pass earliest_time parameter, and embed the earliest in the query itself like "earliest='9/24/2017:10:00:00'", it works fine.
Is this a known bug? Or am I doing something wrong?
↧
