https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305426#M57638 <P>I write here complete answer if someone need.</P> <P>As already wrote the correct query to curl and export results with PHP is:</P> <PRE><CODE><A href="https://localhost:8089/services/search/jobs//results/?output_mode=csv&amp;count=50000" target="test_blank">https://localhost:8089/services/search/jobs//results/?output_mode=csv&amp;count=50000</A> </CODE></PRE> <P>Then, the root cause of the results truncated to 10.000 was the sort in the table, solved with</P> <PRE><CODE>| sort 0 &lt;field&gt; </CODE></PRE> <P>Regards.</P> Tue, 16 Jan 2018 16:12:24 GMT maurelio79 2018-01-16T16:12:24Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305420#M57632 <P>Hi to all, i'm trying to export result with php curl using this :</P> <PRE><CODE>curl -u admin:changeme \ -k https://localhost:8089/servicesNS/admin/search/jobs/1423855196.339/results/ \ --get -d output_mode=csv-d count=5 </CODE></PRE> <P>I made different try in php, but i'm not able to pass parameter like output_mode and count.<BR /> If i try with CURLOPT_POST and CURLOPT_POSTFIELDS i get "Method Not Allowed"</P> <P>Can someone help me please?</P> <P>Thanks and regards.</P> Tue, 29 Sep 2020 17:38:49 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305420#M57632 maurelio79 2020-09-29T17:38:49Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305421#M57633 <P>If i am not wrong there is <CODE>space</CODE> between <CODE>output_mode=csv</CODE> and <CODE>-d count=5</CODE></P> Sat, 13 Jan 2018 13:18:46 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305421#M57633 mayurr98 2018-01-13T13:18:46Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305422#M57634 <P>At the end i was able to do the php curl with a simple GET and calling</P> <P><A href="https://localhost:8089/services/search/jobs//results/?output_mode=csv&amp;count=50000">https://localhost:8089/services/search/jobs//results/?output_mode=csv&amp;count=50000</A></P> <P>Now the problem is that i get just 10.000 results (should be more than 18.000)</P> Sat, 13 Jan 2018 15:02:09 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305422#M57634 maurelio79 2018-01-13T15:02:09Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305423#M57635 <P>Ohk whats is your search? <BR /> And do you get the same numberof results into splunk as well?</P> Sat, 13 Jan 2018 15:19:01 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305423#M57635 mayurr98 2018-01-13T15:19:01Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305424#M57636 <P>Also set <BR /> this is from the limits.conf:</P> <PRE><CODE> [restapi] maxresultrows = &lt;integer&gt; * Maximum result rows to be returned by /events or /results getters from REST API. * Defaults to 50000. As you can see, there is a limit configured. </CODE></PRE> <P>You have two options now:</P> <P>1) Enhance the limit to a value that is suitable for you.<BR /> 2) I think the better option is to repeat your call with a different offset. You split up your requests on this way. Take a look into the answer of this post:</P> <P><A href="http://answers.splunk.com/answers/25411/upper-limit-for-rest-api-limits-conf-maxresultrows.html">http://answers.splunk.com/answers/25411/upper-limit-for-rest-api-limits-conf-maxresultrows.html</A></P> Sat, 13 Jan 2018 15:25:54 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305424#M57636 mayurr98 2018-01-13T15:25:54Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305425#M57637 <P>Default in limits.conf is 50000. Search is an inputlookup | table and it returns more than 18.000</P> Sat, 13 Jan 2018 15:37:45 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305425#M57637 maurelio79 2018-01-13T15:37:45Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305426#M57638 <P>I write here complete answer if someone need.</P> <P>As already wrote the correct query to curl and export results with PHP is:</P> <PRE><CODE><A href="https://localhost:8089/services/search/jobs//results/?output_mode=csv&amp;count=50000" target="test_blank">https://localhost:8089/services/search/jobs//results/?output_mode=csv&amp;count=50000</A> </CODE></PRE> <P>Then, the root cause of the results truncated to 10.000 was the sort in the table, solved with</P> <PRE><CODE>| sort 0 &lt;field&gt; </CODE></PRE> <P>Regards.</P> Tue, 16 Jan 2018 16:12:24 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305426#M57638 maurelio79 2018-01-16T16:12:24Z https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305427#M57639 <P>Hey <BR /> Sort by default gives 10k results if you want unlimited results then you should use <CODE>sort limit=0</CODE><BR /> I hope this helps you!</P> Tue, 16 Jan 2018 16:22:46 GMT https://community.splunk.com/t5/Getting-Data-In/Using-CURLP-PHP-to-export-results/m-p/305427#M57639 mayurr98 2018-01-16T16:22:46Z