I have been ingesting data from JIRA API to Splunk.
As a proof-of-concept that JIRA can send data to Splunk, updates from Kanban boards are sent to Splunk using rest/api/2/search?jql=project+%3D+KANBAN+AND+updated+%3E%3D+-5m, which works as expected.
The intended purpose is to feed audit logs into Splunk to enable protective monitoring, such as detecting known bad behaviour and sending alerts to the team for investigation/remediation. As part of this approach I require the data to be relative, from now back to the last five minutes, similar to how the proof-of-concept works.
I have been using /rest/api/2/auditing/record as the URL endpoint with the "from" and "to" parameters included at the end as ?from={ISO8601-date-time-format} ,to={ISO8601-date-time-format}.
I have tested the parameter inputs from the simplest form of ISO8601, "yyyy-mm-dd", to the most comprehensive, "yyyy-mm-ddThh:mm:ss.ms+0000". I have also tried URL-encoding the parameters. I have tried using limit=1 to return only one result, but that also gets ignored, and what is returned to me is ALL audit logs limited to 1000 characters.
I have been using CURL commands to test parameter inputs. The following is an example of what that command looks like:
curl -X GET -H 'Authorization:{token}' -H 'Content-Type: application/json' 'https://{domain}/jira/rest/api/2/auditing/record?{parameters}'
I wonder where I might have gone wrong, or what I may be missing, if anyone has done this sort of thing before, or if anyone has any clue how to go about this?
I don't have familiarity with that particular REST method, but I would expect that you need to use the same time format that Jira uses. Here's the doc on how to change the format. I would try using the format that your instance is set to. I hope that helps!
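Added example (not part of the original thread, and not Atlassian or Splunk code): one way to build the audit request from the question for a rolling five-minute window, with from, to and limit passed as separate URL-encoded query parameters. The host name, the function names and the stored checkpoint are assumptions for illustration; the timestamp layout is the fullest form mentioned in the question, and whether a given Jira instance honours it is not confirmed by the thread.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

AUDIT_PATH = "/rest/api/2/auditing/record"  # endpoint named in the question


def jira_timestamp(dt):
    """Render an aware datetime as yyyy-mm-ddThh:mm:ss.ms+0000 (UTC)."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before formatting")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + f".{dt.microsecond // 1000:03d}+0000"


def next_window(checkpoint, now, lookback=timedelta(minutes=5)):
    """Return (start, end) for this poll.

    Resuming from the previous window's end (the checkpoint, a hypothetical
    value the collector stores) keeps windows contiguous, so a late or
    skipped poll does not leave a gap in the audit trail.
    """
    start = checkpoint if checkpoint is not None else now - lookback
    if start > now:
        raise ValueError("checkpoint is in the future; check the collector clock")
    return start, now


def audit_url(base_url, start, end, limit=1000):
    """Build the request URL with from, to and limit as separate parameters."""
    # urlencode joins pairs with '&' and percent-encodes values: ':' becomes
    # %3A and '+' becomes %2B. A literal '+' in a query string is commonly
    # decoded as a space, which would corrupt the "+0000" offset.
    query = urlencode({
        "from": jira_timestamp(start),
        "to": jira_timestamp(end),
        "limit": limit,
    })
    return f"{base_url.rstrip('/')}{AUDIT_PATH}?{query}"


if __name__ == "__main__":
    # Constructed sample: placeholder host, fixed clock so output is repeatable.
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    start, end = next_window(None, now)
    print(audit_url("https://jira.example.test/jira", start, end, limit=1))
```

The resulting URL can be passed to the curl command from the question in place of the {parameters} placeholder.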