运行搜索命令时出错

在使用splunk enterprise时，我想从后端运行一个搜索命令，关键字是“index=”。 当我运行这个命令时，我得到了结果，但是当我在代码中添加这个命令时，我得到了“splunklib.binding.HTTPError：HTTP 400错误请求--未知的搜索命令“index”。“ 我可以登录到splunk enterprise，并可以运行基本搜索命令“search*| head 100”

def normal_search():
    #searchquery_normal = "search * | head 10"
    searchquery_normal = "index = some_tool_name"
    kwargs_normalsearch = {"exec_mode": "normal"}
    job = service.jobs.create(searchquery_normal, **kwargs_normalsearch)

    # A normal search returns the job's SID right away, so we need to poll for completion
    while True:
        while not job.is_ready():
            pass
        stats = {"isDone": job["isDone"],
                 "doneProgress": float(job["doneProgress"])*100,
                  "scanCount": int(job["scanCount"]),
                  "eventCount": int(job["eventCount"]),
                  "resultCount": int(job["resultCount"])}

        status = ("\r%(doneProgress)03.1f%%   %(scanCount)d scanned   "
                  "%(eventCount)d matched   %(resultCount)d results") % stats

        sys.stdout.write(status)
        sys.stdout.flush()
        if stats["isDone"] == "1":
            sys.stdout.write("\n\nDone!\n\n")
            break
        sleep(2)

    # Get the results and display them
    for result in results.ResultsReader(job.results()):
        print result

    job.cancel()   
    sys.stdout.write('\n')

应为：无错误 实际值：splunklib.binding.HTTPError：HTTP 400错误请求--未知的搜索命令“index”

一。在