SplunkDF.search_df() returns no data when start_time is a Python datetime object

[DavidJBianco]

Describe the bug The start_time argument is supposed to accept a Python datetime object, but when searches using that feature return quickly with no data. Searches for the same timeframe using the alternative SPL syntax (e.g., start_time="-15m@m") take significantly longer and do return relevant data.

To Reproduce Here's a code fragment that demonstrates the problem:

start = datetime.now() - timedelta(minutes=15)

process_df = s.search_df(
    spl='search some string ',
    limit=10000,
    start_time=start
)

Expected behavior Expected a DataFrame with search results

Additional context

• Verified under Python 3 OS X using ThreatHunting Project's docker container as a Jupyter environment.

[DavidJBianco]

The SplunkDF.search() code converts the datetime to a Splunk search parameter incorrectly. Instead of calling datetime.isoformat() it should instead call datetime.strftime("%m/%d/%Y:%H:%M:%S").

[DavidJBianco]

Unable to reproduce this anymore with the latest Splunk 8.