topic Export to csv is not fetching all the results - Python /Splunk SDK in Splunk Dev https://community.splunk.com/t5/Splunk-Dev/Export-to-csv-is-not-fetching-all-the-results-Python-Splunk-SDK/m-p/432548#M7745 <P>I do have a Python code to run an query and export the search results to .csv files. The program is working perfectly fine but when i opened the search results i could not see all the results. I just validated the same by running the query manually in splunk and exported the result and compared the results with the one which is generated through my code. I am running the query for last 2 hours. </P> <P>My Code - <BR /> import time<BR /> import splunklib.client as client<BR /> import splunklib.results as results<BR /> import csv</P> <H1>import random</H1> <P>HOST = "Server"<BR /> PORT = 8089<BR /> USERNAME = "user"<BR /> PASSWORD = "password"</P> <P>service = client.connect(<BR /> host=HOST,<BR /> port=PORT,<BR /> username=USERNAME,<BR /> password=PASSWORD)</P> <H1>My splunk query file</H1> <P>with open('H:\Query1.txt', 'r') as myfile:<BR /> Splunk_query=myfile.read()</P> <H1>Executing the query for last 2 hours</H1> <P>results_kwargs = {<BR /> "earliest_time": "-2h",<BR /> "latest_time": "now",<BR /> "search_mode": "normal",<BR /> "output_mode": "csv"<BR /> }</P> <P>oneshotsearch_results = service.jobs.oneshot(Splunk_query, **results_kwargs)<BR /> f=open("H:\lasttwohours.csv", 'w')<BR /> f.write(oneshotsearch_results.read())<BR /> f.close()</P> <P>Kindly help me with the export with the absolute results which i am getting it from splunk. </P> <P>NOTE : I dont have permission to change any .conf file since this is the restricted environment. I can run my program and get the results from splunk. </P> Tue, 29 Sep 2020 22:22:36 GMT pchp348 2020-09-29T22:22:36Z Export to csv is not fetching all the results - Python /Splunk SDK https://community.splunk.com/t5/Splunk-Dev/Export-to-csv-is-not-fetching-all-the-results-Python-Splunk-SDK/m-p/432548#M7745 <P>I do have a Python code to run an query and export the search results to .csv files. The program is working perfectly fine but when i opened the search results i could not see all the results. I just validated the same by running the query manually in splunk and exported the result and compared the results with the one which is generated through my code. I am running the query for last 2 hours. </P> <P>My Code - <BR /> import time<BR /> import splunklib.client as client<BR /> import splunklib.results as results<BR /> import csv</P> <H1>import random</H1> <P>HOST = "Server"<BR /> PORT = 8089<BR /> USERNAME = "user"<BR /> PASSWORD = "password"</P> <P>service = client.connect(<BR /> host=HOST,<BR /> port=PORT,<BR /> username=USERNAME,<BR /> password=PASSWORD)</P> <H1>My splunk query file</H1> <P>with open('H:\Query1.txt', 'r') as myfile:<BR /> Splunk_query=myfile.read()</P> <H1>Executing the query for last 2 hours</H1> <P>results_kwargs = {<BR /> "earliest_time": "-2h",<BR /> "latest_time": "now",<BR /> "search_mode": "normal",<BR /> "output_mode": "csv"<BR /> }</P> <P>oneshotsearch_results = service.jobs.oneshot(Splunk_query, **results_kwargs)<BR /> f=open("H:\lasttwohours.csv", 'w')<BR /> f.write(oneshotsearch_results.read())<BR /> f.close()</P> <P>Kindly help me with the export with the absolute results which i am getting it from splunk. </P> <P>NOTE : I dont have permission to change any .conf file since this is the restricted environment. I can run my program and get the results from splunk. </P> Tue, 29 Sep 2020 22:22:36 GMT https://community.splunk.com/t5/Splunk-Dev/Export-to-csv-is-not-fetching-all-the-results-Python-Splunk-SDK/m-p/432548#M7745 pchp348 2020-09-29T22:22:36Z Re: Export to csv is not fetching all the results - Python /Splunk SDK https://community.splunk.com/t5/Splunk-Dev/Export-to-csv-is-not-fetching-all-the-results-Python-Splunk-SDK/m-p/432549#M7746 <P><A href="http://dev.splunk.com/view/python-sdk/SP-CAAAEE5">http://dev.splunk.com/view/python-sdk/SP-CAAAEE5</A><BR /> The document says:</P> <P><STRONG>By default, one-shot searches will return a maximum of 100 events</STRONG>, even if there are more than 100 events in the search results. To return more than 100 events, add the following parameter to your one-shot search's arguments:<BR /> <STRONG>"count": 0</STRONG><BR /> The count parameter, when set to zero, indicates that there is no limit to the number of events to be returned.</P> <P>Maybe you could try to modify your search query.</P> Thu, 17 Oct 2019 03:42:33 GMT https://community.splunk.com/t5/Splunk-Dev/Export-to-csv-is-not-fetching-all-the-results-Python-Splunk-SDK/m-p/432549#M7746 lesley_lin 2019-10-17T03:42:33Z Re: Export to csv is not fetching all the results - Python /Splunk SDK https://community.splunk.com/t5/Splunk-Dev/Export-to-csv-is-not-fetching-all-the-results-Python-Splunk-SDK/m-p/432550#M7747 <P>Like this:<BR /> job = service.jobs.oneshot(searchquery, **results_kwargs, count=0)</P> Thu, 17 Oct 2019 06:11:06 GMT https://community.splunk.com/t5/Splunk-Dev/Export-to-csv-is-not-fetching-all-the-results-Python-Splunk-SDK/m-p/432550#M7747 lesley_lin 2019-10-17T06:11:06Z