When I manually run a Splunk search via the API as follows:
curl "https://host:8089/services/search/v2/jobs" -d search='search query...' -d max_count=0 -d earliest_time=xxx -d latest_time=now
curl "https://host:8089/services/search/v2/jobs/jobid/results/" --get -d output_mode=csv -d count=0
I get timestamps like this for the _time column
"2023-02-02T00:06:34.000-08:00"
When I run the same query, just as a saved search:
curl "https://host:8089/servicesNS/nobody/search/search/v2/jobs/export?output_mode=csv -d search='savedsearch "Saved Search"'
I get timestamps like this for the _time column
"2023-02-06 00:00:00.000 PST"
How can I make the latter look like the former so Excel can ingest it properly?
... View more