Wondering how to use the ISO8601 format in Splunk?
Simplified extended ISO8601 is used, for example, by JavaScript's toISOString function.
It's a great way (readable and timezone-agnostic) to exchange timestamps between Splunk and Splunk Apps.
Here’s how it’s done:
If you wonder how to pass a URL path parameter to your custom REST endpoint in Splunk, please have a look:
For multi-value fields that have only one entry, the Splunk SDK for Python returns a string instead of an array. To enforce arrays, you can use the following workaround:
If you’re using the @splunk/search-job API and want to return more than the 100 results (the default value), you’ll have to pass count to the getResults function, e.g.:
SearchJob.create({ search: myQuery }).getResults({ count: 500 });
In case you’re using the @splunk/search-job API you might find it annoying that the properties of the returned objects are all of type string. To fix this, I wrote a little type mapper (The unit test shows how to use it):
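The following is an added example, not the author's type mapper: a schema-driven mapper for result rows whose values all arrive as strings. The schema format, the function names, the `last_seen` field and the sample rows are assumptions; it also enforces arrays for multi-value fields and accepts only the `toISOString` timestamp shape, rejecting values that do not parse instead of coercing them silently.

```javascript
// Added example. Schema format, function names and sample rows are assumptions.
const ISO_UTC = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/; // toISOString() shape

function fail(type, value) {
  throw new TypeError(`expected ${type}, got ${JSON.stringify(value)}`);
}

const CONVERTERS = {
  string: (v) => String(v),
  number: (v) => {
    // Number('') and Number(' ') are 0, so blank strings are rejected first.
    const n = typeof v === 'string' && v.trim() !== '' ? Number(v) : NaN;
    return Number.isFinite(n) ? n : fail('number', v);
  },
  boolean: (v) => {
    if (v === 'true' || v === '1') return true;
    if (v === 'false' || v === '0') return false;
    return fail('boolean', v);
  },
  date: (v) => {
    // Date parsing accepts many loose formats; allow only ISO8601 in UTC.
    const d = ISO_UTC.test(v) ? new Date(v) : new Date(NaN);
    return Number.isNaN(d.getTime()) ? fail('date', v) : d;
  },
};

// Schema example: { count: 'number', last_seen: 'date', tag: 'string[]' }
function mapRow(row, schema) {
  const out = { ...row }; // fields not named in the schema stay as returned
  for (const [field, spec] of Object.entries(schema)) {
    if (!Object.prototype.hasOwnProperty.call(row, field)) continue;
    const isList = spec.endsWith('[]');
    const convert = CONVERTERS[isList ? spec.slice(0, -2) : spec];
    if (typeof convert !== 'function') throw new Error(`unknown type: ${spec}`);
    const value = row[field];
    // Enforce arrays even when a multi-value field holds one bare string.
    out[field] = isList
      ? (Array.isArray(value) ? value : [value]).map((v) => convert(v))
      : convert(value);
  }
  return out;
}

const mapResults = (rows, schema) => rows.map((row) => mapRow(row, schema));

// Constructed sample rows: every value is a string, as described above.
const sampleRows = [
  { host: 'web01', count: '42', last_seen: '2021-03-04T05:06:07.000Z', tag: 'prod' },
  { host: 'web02', count: '7', last_seen: '2021-03-04T05:07:00.000Z', tag: ['prod', 'dmz'] },
];
const sampleSchema = { count: 'number', last_seen: 'date', tag: 'string[]' };
```

Calling `mapResults(sampleRows, sampleSchema)` returns rows with `count` as a number, `last_seen` as a `Date` and `tag` always as an array; a blank `count` or a non-ISO timestamp throws a `TypeError`.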