You have to convert your human-readable timestamp to Unix epoch time – since _time is always in Unix epoch time.
Check out strftime.org for the exact calls.
Then you can send this in your curl call:
curl -u "$user:$pass" -k "https://$splunkserver/services/search/jobs/export" --data-urlencode search="search \"$search\" | search index=$index sourcetype=$sourcetype earliest=$STARTTIME latest=$ENDTIME"
from User warren – Stack Overflow https://stackoverflow.com/questions/70971811/splunk-search-with-starttime-and-endtime-with-format-ymd-hms/70972529#70972529
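The conversion step described in the answer, as an added example that is not part of the original answer: it turns `YYYY-mm-dd HH:MM:SS` strings into epoch values for `earliest`/`latest` and rejects anything that does not match that shape before it reaches the search string. It assumes the timestamps are UTC and that `date` is GNU date; `to_epoch`, `time_window` and `export_search` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: build Splunk earliest=/latest= from "YYYY-mm-dd HH:MM:SS".
# Assumptions: timestamps are UTC; `date -d` is GNU date.

to_epoch() {
    # Accept only the exact expected shape, so nothing else can be
    # smuggled into the SPL search string through the time arguments.
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) echo "bad timestamp format: $1" >&2; return 1 ;;
    esac
    # GNU date rejects impossible values such as month 13.
    date -u -d "$1" +%s 2>/dev/null || { echo "invalid date: $1" >&2; return 1; }
}

time_window() {
    # Prints "earliest=<epoch> latest=<epoch>"; fails on bad or reversed input.
    start=$(to_epoch "$1") || return 1
    end=$(to_epoch "$2") || return 1
    [ "$start" -lt "$end" ] || { echo "start must precede end" >&2; return 1; }
    printf 'earliest=%s latest=%s' "$start" "$end"
}

export_search() {
    # $user, $pass, $splunkserver, $index, $sourcetype and $search are the
    # variables used in the answer's curl call; they must be set by the caller.
    window=$(time_window "$1" "$2") || return 1
    curl -u "$user:$pass" -k "https://$splunkserver/services/search/jobs/export" \
        --data-urlencode search="search \"$search\" | search index=$index sourcetype=$sourcetype $window"
}

# Usage: export_search "2022-02-03 00:00:00" "2022-02-03 12:30:45"
```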