Re: How come our API results are only returning th...

aksharp · ‎03-04-2019

I'm trying to get the number of hosts reporting to Splunk via API, but the a normal curl -k is only able to return 100 results.

I tried adding the "count=0" parameter, but it just gives me 100 and cannot go further.

My search strings below.

curl -u user:passwd -k https://XXXX:8089/services/search/jobs -d search="metadata%20type%3Dhosts"
url -u user:passwd -k https://XXXX:8089/services/search/jobs/md_1551723351.24391/results?output_mode=csv&count=0

Any help is appreciated

vandelin · ‎05-26-2020

This is how I got mine to work, not sure the difference between mine and yours, but this worked for me
curl -k -u 'username:password' "https://api.company.com:443/services/search/jobs/$sidkey/results?count=0&output_mode=csv"

my sidkey is just the sid within a variable , change it to a valid sid

somesoni2 · ‎03-04-2019

Try like this

curl -k -u user:passwd -k https://XXXX:8089/services/search/jobs/md_1551723351.24391/results --get  -d count=0 -d output_mode=json

Reference: https://docs.splunk.com/Documentation/Splunk/6.2.6/RESTREF/RESTsearchExamples#search.2Fjobs.2F.7Bsea...

How come our API results are only returning the first 100 results for metadata?

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Are you a member of the Splunk Community?

How come our API results are only returning the first 100 results for metadata?

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition