create search job returns HTTP 400 response with message: "Please specify timerange to search data"

Hello,

I'm experiencing the following error when attempting to create a search job via the Java client:

```
com.splunk.HttpException: HTTP 400 -- <?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="FATAL">Please specify timerange to search data</msg>
  </messages>
</response>
at com.splunk.HttpException.create(HttpException.java:84) ~[splunk-sdk-java-1.4.0.jar:1.4.0]
at com.splunk.HttpService.send(HttpService.java:411) ~[splunk-sdk-java-1.4.0.jar:1.4.0]
at com.splunk.Service.send(Service.java:1280) ~[splunk-sdk-java-1.4.0.jar:1.4.0]
at com.splunk.HttpService.post(HttpService.java:272) ~[splunk-sdk-java-1.4.0.jar:1.4.0]
at com.splunk.JobCollection.create(JobCollection.java:81) ~[splunk-sdk-java-1.4.0.jar:1.4.0]
```

###################################################################################
Code Snippet:

```
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername(server.getUsername());
loginArgs.setPassword(server.getPassword().getDecrypted());
loginArgs.setHost(server.getHostName());
loginArgs.setPort(server.getPort());

Service service =Service.connect(loginArgs);

//example for a query search for this customer
String query = "search (index=corp_wineventlog) ((EventCode=4768) (action="failure") ((user="****") OR (user="*****"))) OR ((EventCode=4625) (action="failure") ((user="****") OR (user="*****"))) OR ((EventCode=4771) (action="failure") ((user="******") OR (user="******"))) OR ((EventCode=4776) (action="failure") ((user="******") OR (user="*******")))";

JobExportArgs jobExportArgs = new JobExportArgs();
jobExportArgs.setIndexEarliest("2024-02-06T09:55:18.991-06:00");
jobExportArgs.setIndexLatest("2024-02-13T09:54:18.974-06:00");
jobExportArgs.setSearchMode(JobExportArgs.SearchMode.NORMAL);
jobExportArgs.setRequiredFieldList(requiredFields.toArray(new String[0]));

Job job = service.getJobs().create(query, jobExportArgs);
```

###################################################################################
More details:

As you can see, we get the 'missing timerange' error although the indexEarliest and indexLatest are set as expected.
Also please note, the code above works as expected for most of our costumers and also in our envs but for some reason one of our clients gets this error from the API all the time, so maybe it depends on some costume configuration they're using.

Used versions:
Splunk-sdk-java 1.4.0
Splunk enterprise instance 9.2.0.1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

create search job returns HTTP 400 response with message: "Please specify timerange to search data" #223

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

create search job returns HTTP 400 response with message: "Please specify timerange to search data" #223

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions