Splunk Dev
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Splunk-Python (requests.get) outputs only first 10...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vamsigurram
Path Finder
11-24-2020
08:50 PM
I wrote the below python code, which is giving me only first 100 events.
I checked online docs, i saw "count = 0" as a solution, to get all results, but that option only works for Splunk SDK (splunklib.client.service)
I am using python's requests library.
Need help in looping/pagination of all the results of this search id (%sid)
import requests
import json
url = base_url + "/services/search/jobs/%s/results" % sid
headers = {
"content-type": "application/x-www-form-urlencoded",
"Authorization": "Splunk %s" % sessionkey
}
payload = {
"output_mode": "json"
}
res = requests.get(url, headers=headers, params=payload, verify = False)
result = json.loads(res.text)["results"]
print("length is %s" % len(result)) =================> Output here is 100
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vamsigurram
Path Finder
11-24-2020
09:05 PM
As soon as i posted this question, i found the answer.
Its indeed count = 0 the answer, as highlighted below.
Been struggling with this for 2 days. But answer is so simple.
url = base_url + "/services/search/jobs/%s/results" % sid
headers = {
"content-type": "application/x-www-form-urlencoded",
"Authorization": "Splunk %s" % sessionkey
}
payload = {
"output_mode": "json",
"count": 0
}
res = requests.get(url, headers=headers, params=payload, verify = False)
result = json.loads(res.text)["results"]
print("length is %s" % len(result))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vamsigurram
Path Finder
11-24-2020
09:05 PM
As soon as i posted this question, i found the answer.
Its indeed count = 0 the answer, as highlighted below.
Been struggling with this for 2 days. But answer is so simple.
url = base_url + "/services/search/jobs/%s/results" % sid
headers = {
"content-type": "application/x-www-form-urlencoded",
"Authorization": "Splunk %s" % sessionkey
}
payload = {
"output_mode": "json",
"count": 0
}
res = requests.get(url, headers=headers, params=payload, verify = False)
result = json.loads(res.text)["results"]
print("length is %s" % len(result))
Get Updates on the Splunk Community!
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Cultivate Your Career Growth with Fresh Splunk Training
Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...
Introducing a Smarter Way to Discover Apps on Splunkbase
We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.
Because we’ve ...
